LangChain Vulnerability Exposes AI Supply-Chain Risks
Microsoft Defender Security Research analyzes CVE-2025-68664 (LangGrinch), a serialization injection vulnerability in LangChain Core that can expose secrets and instantiate unintended classes. The flaw stems from improper handling of the reserved lc key during (de)serialization and carries a CVSS score of 9.3; Microsoft urges users to upgrade to 0.3.81 or 1.2.5 and use Defender for Cloud and XDR detections to remediate.
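
A triage sketch for the remediation described above, added here as an example (it is not Microsoft's or LangChain's code). It assumes the PyPI package name langchain-core, that each fixed release applies to its own major version line, and that data reaching serialization from users or model output should never carry the reserved lc key; the sample payload and its field names are constructed.

```python
import re
from importlib import metadata

# Fixed releases named in the summary, keyed by major version (mapping is an assumption).
FIXED = {0: (0, 3, 81), 1: (1, 2, 5)}
RESERVED_KEY = "lc"  # reserved serialization marker named in the summary


def parse_version(text):
    """Turn '0.3.80' into (0, 3, 80); pre-release suffixes are ignored (assumption)."""
    nums = [int(n) for n in re.findall(r"\d+", text)[:3]]
    return tuple(nums + [0] * (3 - len(nums)))


def needs_upgrade(version_text):
    """True when the version is below the fixed release on its major line."""
    version = parse_version(version_text)
    fixed = FIXED.get(version[0])
    return fixed is not None and version < fixed


def installed_needs_upgrade(package="langchain-core"):
    """Check the local environment; returns None when the package is absent."""
    try:
        return needs_upgrade(metadata.version(package))
    except metadata.PackageNotFoundError:
        return None


def find_reserved_keys(value, path="$"):
    """Return paths of every dict in untrusted data that carries the reserved key."""
    hits = []
    if isinstance(value, dict):
        if RESERVED_KEY in value:
            hits.append(path)
        for key, child in value.items():
            hits.extend(find_reserved_keys(child, f"{path}.{key}"))
    elif isinstance(value, (list, tuple)):
        for index, child in enumerate(value):
            hits.extend(find_reserved_keys(child, f"{path}[{index}]"))
    return hits


# Constructed sample: free-form fields in which nested dicts carry the reserved key.
SAMPLE = {
    "content": "hello",
    "metadata": {"note": {"lc": 1, "type": "placeholder"}},
    "items": [{"args": {"x": 1}}, {"args": {"lc": 1}}],
}
```

A non-empty result from find_reserved_keys on data that did not come from the application's own serializer is a reason to reject or log the input before it is serialized or loaded.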



