CVE-2025-9556

Affects: prompt injection, LangChain

CVSS: CRITICAL · 9.8 v3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Published: 2025-09-12
Source: nvd.nist.gov/vuln/detail/CVE-2025-9556

Description

Langchaingo supports the use of jinja2 syntax when parsing prompts, which is in turn parsed using the gonja library v1.5.3. Gonja supports include and extends syntax to read files, which leads to a server side template injection vulnerability within langchaingo, allowing an attacker to insert a statement into a prompt to read the “etc/passwd” file.

References

How GTK Cyber trains on this

AI security training at GTK Cyber covers the LLM and ML-pipeline vulnerability classes that vulnerabilities like CVE-2025-9556 fall into. Our hands-on courses are taught by Charles Givre and other practitioners who break and defend production AI systems.

AI Red-Teaming course → · Browse MITRE ATLAS techniques

Related AI/LLM CVEs

AI security training, taught by people who do the work.

Hands-on courses on adversarial AI, prompt injection, and ML pipeline security.

Explore AI Red-Teaming