CVE-2025-6984
PUBLISHED
CVSS 7.5 HIGH
Langchain Community Vulnerable to XML External Entity (XXE) Attacks
EPSS 1.92% · 83.7th percentile
Risk Scores
- CVSS 3.0: 7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
- EPSS Score: 1.92% (83.7th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| langchain-ai | langchain-ai/langchain | unspecified |
| PyPI | langchain-community | 0 |
Exploit Intelligence
- https://huntr.com/bounties/a6b521cf-258c-41c0-9edb-d8ef976abb2a (circl)
- ci_reliability_contract.yaml (github-poc)
Timeline
- Sep 4, 2025 CVE Published
- Sep 4, 2025 EPSS Score
- Sep 5, 2025 CVE Updated
- Sep 12, 2025 EPSS Score
- Sep 19, 2025 EPSS Score
- Sep 27, 2025 EPSS Score
- Oct 4, 2025 EPSS Score
- Oct 4, 2025 Coalition ESS Score
- Oct 6, 2025 Coalition ESS Score
- Oct 12, 2025 EPSS Score
- Oct 13, 2025 Coalition ESS Score
- Oct 19, 2025 EPSS Score
References
- https://huntr.com/bounties/a6b521cf-258c-41c0-9edb-d8ef976abb2a (url)
- https://nvd.nist.gov/vuln/detail/CVE-2025-6984 (advisory)
- https://github.com/langchain-ai/langchain-community/commit/e842452108089524e22c3a2ced851c021884556f (url)
- https://github.com/langchain-ai/langchain-community (package)
- https://github.com/langchain-ai/langchain/blob/d79b5813a0b3b243c612b77013768995e46c4337/libs/langchain/langchain/document_loaders/evernote.py#L1-L23 (url)