CVE-2025-6985
XML External Entity (XXE) vulnerability in langchain-text-splitters (PyPI)

Tags: XML External Entity (XXE) · No known exploit · Fixable by Resolved Security

What is CVE-2025-6985 About?

The HTMLSectionSplitter class in langchain-text-splitters is vulnerable to XML External Entity (XXE) attacks due to its unsafe handling of XSLT stylesheets. This allows an attacker to read arbitrary local files or initiate outbound network connections from the server. Exploitation requires no authentication or special privileges, making it a critical threat if custom XSLT is enabled.

Affected Software

langchain-text-splitters <0.3.9

Technical Details

The HTMLSectionSplitter class in langchain-text-splitters allows the use of arbitrary XSLT stylesheets, parsed by lxml.etree.parse() and lxml.etree.XSLT(). In lxml versions up to 4.9.x, external entities are resolved by default. This default behavior enables an attacker to craft a malicious XSLT stylesheet containing an XML External Entity (XXE) payload. This payload can instruct the parser to read sensitive local files (e.g., /etc/passwd, SSH keys) using the file:// URI scheme or perform server-side requests to internal or external systems using http:// or https:// schemes. Even in lxml versions 5.0 and above, where entity expansion is disabled, the XSLT document() function can still resolve URIs, allowing similar attacks unless XSLTAccessControl is explicitly applied. This allows for arbitrary file reading or fetching of URLs accessible by the LangChain process.

What is the Impact of CVE-2025-6985?

Successful exploitation may allow attackers to read arbitrary local files, retrieve sensitive information, or perform network requests to internal systems, leading to data exfiltration or reconnaissance.

What is the Exploitability of CVE-2025-6985?

Exploitation involves providing a specially crafted XSLT stylesheet containing XXE payloads. This is a low-complexity attack, typically requiring an attacker to inject or control the XSLT stylesheet provided to the HTMLSectionSplitter class. No authentication, special privileges, or user interaction are required if the application allows custom XSLT in default deployments. This is a remote attack, as the XSLT can be delivered to the server. The primary prerequisites are the use of langchain-text-splitters with HTMLSectionSplitter and the lack of hardening measures in XSLT parsing. Applications that accept user-provided XSLT or allow dynamic configuration of XSLT paths are at high risk.

What are the Known Public Exploits?

No known public exploits (PoC / Author / Link / Commentary: none listed).

What are the Available Fixes for CVE-2025-6985?

A Fix by Resolved Security Exists!

About the Fix from Resolved Security

The patch mitigates XXE (XML External Entity) and XSLT injection attacks by configuring the HTML and XML parsers with secure options: disabling network access, DTD loading, and entity resolution, and applying a strict XSLT access control. These changes effectively address CVE-2025-6985 by preventing attackers from exploiting malicious external entities or unauthorized file/network access during HTML or XSLT processing.
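The hardening the fix description refers to, as an added example that is not the langchain patch itself: the stylesheet is parsed with entity resolution, DTD loading and network access disabled, and compiled under XSLTAccessControl.DENY_ALL so document() cannot read files or URLs at transform time. The function names, the sample HTML and stylesheet, and the probe file used by the regression check are constructed for this illustration.

```python
import os
import tempfile

try:
    from lxml import etree  # the parser library the advisory concerns
except ImportError:
    etree = None  # the functions below raise if lxml is unavailable

# Benign sample inputs (constructed): a stylesheet that lists <h1> text.
HTML = "<html><body><h1>Intro</h1><p>a</p><h1>Usage</h1></body></html>"
BENIGN_XSLT = """<xsl:stylesheet version="1.0"
    xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
  <xsl:output method="text"/>
  <xsl:template match="/"><xsl:for-each select="//h1"><xsl:value-of select="."/>|</xsl:for-each></xsl:template>
</xsl:stylesheet>"""

def make_hardened_xslt(xslt_source: str):
    """Compile a stylesheet that can neither expand external entities nor load URIs."""
    if etree is None:
        raise RuntimeError("lxml is required for this example")
    # No DTD, no entity expansion, no network while parsing the stylesheet document.
    parser = etree.XMLParser(resolve_entities=False, load_dtd=False,
                             no_network=True)
    stylesheet = etree.fromstring(xslt_source.encode("utf-8"), parser)
    # DENY_ALL: no file or network reads (or writes) during the transform,
    # which also covers document(), xsl:include and xsl:import on lxml >= 5.
    return etree.XSLT(stylesheet,
                      access_control=etree.XSLTAccessControl.DENY_ALL)

def hardened_transform(xslt_source: str, html_source: str) -> str:
    """Apply a hardened stylesheet to HTML parsed without network access."""
    transform = make_hardened_xslt(xslt_source)
    html_parser = etree.HTMLParser(no_network=True)
    doc = etree.fromstring(html_source.encode("utf-8"), html_parser)
    return str(transform(doc))

def local_file_read_is_blocked() -> bool:
    """Regression check: document() on a local file must not reach the output."""
    marker = "CONSTRUCTED-MARKER-NOT-A-REAL-SECRET"
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "probe.xml")
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(f"<probe>{marker}</probe>")
        # Same stylesheet, but iterating over document(<probe file>) instead of //h1.
        probe_xslt = BENIGN_XSLT.replace(
            'select="//h1"', f"select=\"document('{path}')\"")
        try:
            output = hardened_transform(probe_xslt, HTML)
        except etree.XSLTApplyError:
            return True  # libxslt refused the read outright
        return marker not in output
```

Run `local_file_read_is_blocked()` as part of your test suite whenever lxml is upgraded, since the default entity and URI handling differs between lxml 4.9.x and 5.x.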

Available Upgrade Options

  • langchain-text-splitters
    • <0.3.9 → Upgrade to 0.3.9


Additional Resources

What are Similar Vulnerabilities to CVE-2025-6985?

Similar Vulnerabilities: CVE-2023-37905, CVE-2020-29361, CVE-2021-43285, CVE-2022-24328, CVE-2023-35805