Is CVE-2025-67644 in the CISA Known Exploited Vulnerabilities catalog?

CVE-2025-67644 is not currently listed in the CISA KEV catalog.

Vulnerability intelligence

CVE-2025-67644

SQL injection in the SQLite checkpointer. Unsafe msgpack deserialization. Chain them together and you own the server. 46.5 million monthly downloads. Every self-hosted AI agent deployment using LangGraph's default checkpointer was vulnerable.

2025

What WebPulse reported · 1 analysis

LangGraph: The AI Agent Framework with 46 Million Downloads Has a Remote Code Execution Chain

SQL injection in the SQLite checkpointer. Unsafe msgpack deserialization. Chain them together and you own the server. 46.5 million monthly downloads. Every self

June 13, 2026

View CVE-2025-67644 on the NIST National Vulnerability Database →

Related vulnerabilities

CVE-2025-71338 CVE-2025-71336 CVE-2025-71327 CVE-2025-59532 CVE-2025-4322 CVE-2025-29927 CVE-2025-55182 CVE-2025-54236