{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2025-46059", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2025-08-03T23:20:43.149Z", "dateReserved": "2025-04-22T00:00:00.000Z", "datePublished": "2025-07-29T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2025-08-03T23:20:43.149Z"}, "descriptions": [{"lang": "en", "value": "langchain-ai v0.3.51 was discovered to contain an indirect prompt injection vulnerability in the GmailToolkit component. This vulnerability allows attackers to execute arbitrary code and compromise the application via a crafted email message. NOTE: this is disputed by the Supplier because the code-execution issue was introduced by user-written code that does not adhere to the LangChain security practices."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/langchain-ai/langchain/issues/30833"}, {"url": "https://github.com/Jr61-star/CVEs/blob/main/CVE-2025-46059.md"}, {"url": "https://github.com/langchain-ai/langchain-community/issues/217#issuecomment-3144824471"}, {"url": "https://python.langchain.com/docs/security/"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}], "tags": ["disputed"]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-94", "lang": "en", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-07-29T14:55:27.105160Z", "id": "CVE-2025-46059", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-29T14:56:24.814Z"}}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-46059", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-07-29T14:55:27.105160Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-29T14:55:47.444Z"}}], "cna": {"tags": ["disputed"], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://github.com/langchain-ai/langchain/issues/30833"}, {"url": "https://github.com/Jr61-star/CVEs/blob/main/CVE-2025-46059.md"}, {"url": "https://github.com/langchain-ai/langchain-community/issues/217#issuecomment-3144824471"}, {"url": "https://python.langchain.com/docs/security/"}], "descriptions": [{"lang": "en", "value": "langchain-ai v0.3.51 was discovered to contain an indirect prompt injection vulnerability in the GmailToolkit component. This vulnerability allows attackers to execute arbitrary code and compromise the application via a crafted email message. NOTE: this is disputed by the Supplier because the code-execution issue was introduced by user-written code that does not adhere to the LangChain security practices."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2025-08-03T23:20:43.149Z"}}}, "cveMetadata": {"cveId": "CVE-2025-46059", "state": "PUBLISHED", "dateUpdated": "2025-08-03T23:20:43.149Z", "dateReserved": "2025-04-22T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2025-07-29T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"cveTags": [{"sourceIdentifier": "cve@mitre.org", "tags": ["disputed"]}], "descriptions": [{"lang": "en", "value": "langchain-ai v0.3.51 was discovered to contain an indirect prompt injection vulnerability in the GmailToolkit component. This vulnerability allows attackers to execute arbitrary code and compromise the application via a crafted email message. NOTE: this is disputed by the Supplier because the code-execution issue was introduced by user-written code that does not adhere to the LangChain security practices."}, {"lang": "es", "value": "Se descubri\u00f3 que langchain-ai v0.3.51 conten\u00eda una vulnerabilidad de inyecci\u00f3n indirecta de mensajes en el componente GmailToolkit. Esta vulnerabilidad permite a los atacantes ejecutar c\u00f3digo arbitrario y comprometer la aplicaci\u00f3n mediante un mensaje de correo electr\u00f3nico manipulado."}], "id": "CVE-2025-46059", "lastModified": "2025-08-04T00:15:29.423", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-07-29T15:15:35.003", "references": [{"source": "cve@mitre.org", "url": "https://github.com/Jr61-star/CVEs/blob/main/CVE-2025-46059.md"}, {"source": "cve@mitre.org", "url": "https://github.com/langchain-ai/langchain-community/issues/217#issuecomment-3144824471"}, {"source": "cve@mitre.org", "url": "https://github.com/langchain-ai/langchain/issues/30833"}, {"source": "cve@mitre.org", "url": "https://python.langchain.com/docs/security/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"bugzilla": {"description": "langchain-core: Langchain indirect propmpt injection", "id": "2384249", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2384249"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L", "status": "draft"}, "cwe": "CWE-94", "details": ["No description is available for this CVE."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2025-46059", "package_state": [{"cpe": "cpe:/a:redhat:openshift_lightspeed", "fix_state": "Affected", "package_name": "openshift-lightspeed/lightspeed-service-api-rhel9", "product_name": "OpenShift Lightspeed"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Affected", "package_name": "ansible-automation-platform-24/de-minimal-rhel8", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Affected", "package_name": "ansible-automation-platform-24/de-minimal-rhel9", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Affected", "package_name": "ansible-automation-platform-24/ee-supported-rhel8", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Affected", "package_name": "ansible-automation-platform-24/ee-supported-rhel9", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Affected", "package_name": "ansible-automation-platform-24/lightspeed-rhel8", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Affected", "package_name": "ansible-automation-platform-24/platform-resource-runner-rhel8", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Affected", "package_name": "ansible-automation-platform-25/aap-cloud-metrics-collector-rhel8", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Affected", "package_name": "ansible-automation-platform-25/ansible-dev-tools-rhel8", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Affected", "package_name": "ansible-automation-platform-25/de-minimal-rhel8", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Affected", "package_name": "ansible-automation-platform-25/de-minimal-rhel9", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Affected", "package_name": "ansible-automation-platform-25/ee-supported-rhel8", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Affected", "package_name": "ansible-automation-platform-25/ee-supported-rhel9", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Affected", "package_name": "ansible-automation-platform-25/lightspeed-chatbot-rhel8", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Affected", "package_name": "ansible-automation-platform-25/lightspeed-rhel8", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Affected", "package_name": "ansible-automation-platform-25/platform-resource-runner-rhel8", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:1", "fix_state": "Affected", "package_name": "rhelai1/bootc-amd-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI)"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:1", "fix_state": "Affected", "package_name": "rhelai1/bootc-aws-nvidia-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI)"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:1", "fix_state": "Affected", "package_name": "rhelai1/bootc-azure-amd-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI)"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:1", "fix_state": "Affected", "package_name": "rhelai1/bootc-azure-nvidia-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI)"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:1", "fix_state": "Affected", "package_name": "rhelai1/bootc-gcp-nvidia-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI)"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:1", "fix_state": "Affected", "package_name": "rhelai1/bootc-intel-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI)"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:1", "fix_state": "Affected", "package_name": "rhelai1/bootc-nvidia-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI)"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:1", "fix_state": "Affected", "package_name": "rhelai1/disk-image-nvidia-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI)"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:1", "fix_state": "Affected", "package_name": "rhelai1/granite-3.1-8b-lab-v2.1", "product_name": "Red Hat Enterprise Linux AI (RHEL AI)"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:1", "fix_state": "Affected", "package_name": "rhelai1/granite-3.1-8b-starter-v2.1", "product_name": "Red Hat Enterprise Linux AI (RHEL AI)"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:1", "fix_state": "Affected", "package_name": "rhelai1/instructlab-amd-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI)"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:1", "fix_state": "Affected", "package_name": "rhelai1/instructlab-intel-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI)"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:1", "fix_state": "Affected", "package_name": "rhelai1/instructlab-nvidia-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI)"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:1", "fix_state": "Affected", "package_name": "rhelai1/knowledge-adapter-v3", "product_name": "Red Hat Enterprise Linux AI (RHEL AI)"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:1", "fix_state": "Affected", "package_name": "rhelai1/mixtral-8x7b-instruct-v0-1", "product_name": "Red Hat Enterprise Linux AI (RHEL AI)"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:1", "fix_state": "Affected", "package_name": "rhelai1/modelcar-granite-3-1-8b-lab-v2", "product_name": "Red Hat Enterprise Linux AI (RHEL AI)"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:1", "fix_state": "Affected", "package_name": "rhelai1/modelcar-granite-3-1-8b-lab-v2-1", "product_name": "Red Hat Enterprise Linux AI (RHEL AI)"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:1", "fix_state": "Affected", "package_name": "rhelai1/modelcar-granite-3-1-8b-starter-v2", "product_name": "Red Hat Enterprise Linux AI (RHEL AI)"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:1", "fix_state": "Affected", "package_name": "rhelai1/modelcar-granite-3-1-8b-starter-v2-1", "product_name": "Red Hat Enterprise Linux AI (RHEL AI)"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:1", "fix_state": "Affected", "package_name": "rhelai1/modelcar-knowledge-adapter-v3", "product_name": "Red Hat Enterprise Linux AI (RHEL AI)"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:1", "fix_state": "Affected", "package_name": "rhelai1/modelcar-mixtral-8x7b-instruct-v0-1", "product_name": "Red Hat Enterprise Linux AI (RHEL AI)"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:1", "fix_state": "Affected", "package_name": "rhelai1/modelcar-prometheus-8x7b-v2-0", "product_name": "Red Hat Enterprise Linux AI (RHEL AI)"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:1", "fix_state": "Affected", "package_name": "rhelai1/modelcar-skills-adapter-v3", "product_name": "Red Hat Enterprise Linux AI (RHEL AI)"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:1", "fix_state": "Affected", "package_name": "rhelai1/modelcar-snowflake-arctic-embed-l-v2.0", "product_name": "Red Hat Enterprise Linux AI (RHEL AI)"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:1", "fix_state": "Affected", "package_name": "rhelai1/prometheus-8x7b-v2-0", "product_name": "Red Hat Enterprise Linux AI (RHEL AI)"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:1", "fix_state": "Affected", "package_name": "rhelai1/skills-adapter-v3", "product_name": "Red Hat Enterprise Linux AI (RHEL AI)"}], "public_date": "2025-07-29T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-46059\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-46059\nhttps://github.com/Jr61-star/CVEs/blob/main/CVE-2025-46059.md\nhttps://github.com/langchain-ai/langchain/issues/30833"], "threat_severity": "Important"}