Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-6984 PoC — LangChain 信息泄露漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/code/cves/2025/CVE-2025-6984.yaml
Associated Vulnerability
Title:LangChain 信息泄露漏洞 (CVE-2025-6984)
Description:LangChain是LangChain开源的一个用于开发由大型语言模型 (LLM) 提供支持的应用程序的框架。 LangChain 0.3.63版本存在信息泄露漏洞,该漏洞源于XML解析不安全,可能导致敏感信息泄露。
Description
langchain-ai/langchain 0.3.63 contains an XML External Entity (XXE) injection caused by insecure XML parsing in EverNoteLoader using etree.iterparse(), letting attackers disclose sensitive information, exploit requires crafted malicious XML payload.
File Snapshot

 id: CVE-2025-6984

info:
  name: langchain-ai langchain - XML External Entity Injection
  author: nu

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.