Open source large model framework
-
CVE-2025-68664: Serialization Injection Vulnerability in LangChain, an Open Source Framework for Large Models
LangChain, the open source framework for building applications on large language models, has disclosed a high-severity serialization injection vulnerability (CVE-2025-68664). It was discovered by Yarden Porat, a security researcher at Cyata Security, and stems from the "lc" key not being escaped during serialization: a plain dictionary that carries an "lc" key (for example one that an attacker places in model output through prompt injection) is written out unchanged, and on deserialization it is treated as a genuine LangChain serialized object. That lets an attacker have secrets resolved from environment variables and leaked, instantiate arbitrary objects that the loader is willing to construct, and, depending on the deployment, achieve remote code execution. The flaw affects LangChain Core versions before 0.3.81 and versions from 1.0.0 up to, but not including, 1.2.5. The maintainers released the patched versions 1.2.5 and 0.3.81 on December 24th and tightened the default security policy at the same time.
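The mechanism above, as an added, self-contained example (not langchain-core's own code): a miniature re-implementation of the "lc" envelope format that `langchain_core.load.dumps` and `loads` use, with a "vulnerable" dumper/loader pair beside a "fixed" pair. The `ChatPromptTemplate` class, the `escaped_dict` marker used to escape plain dicts, the environment variable name and the tool-call payload are all constructed for the example; the real library's escape representation and allowlist differ.

```python
"""
Miniature model of LangChain's "lc" serialization envelopes, showing how an
unescaped "lc" key in attacker-controlled data is revived as a real object on
load, and how escaping on dump plus a safer loader default closes the hole.
Illustrative re-implementation only, not langchain-core's code.
"""
import json
import os
from typing import Any

ESCAPE_TYPE = "escaped_dict"  # assumption: marker the hardened dumper uses


class ChatPromptTemplate:
    """Stand-in for a serializable class on the loader's allowlist (constructed)."""

    def __init__(self, template: str):
        self.template = template

    def to_json(self) -> dict:
        return {"lc": 1, "type": "constructor",
                "id": ["langchain", "prompts", "ChatPromptTemplate"],
                "kwargs": {"template": self.template}}


ALLOWED_CLASSES = {("langchain", "prompts", "ChatPromptTemplate"): ChatPromptTemplate}


def _serialize(obj: Any, escape: bool) -> Any:
    """Walk a value; real serializable objects become envelopes, plain data is copied.
    With escape=True a *plain* dict containing "lc" is wrapped so the loader
    never mistakes it for an envelope."""
    if isinstance(obj, ChatPromptTemplate):
        env = obj.to_json()
        env["kwargs"] = {k: _serialize(v, escape) for k, v in env["kwargs"].items()}
        return env
    if isinstance(obj, list):
        return [_serialize(x, escape) for x in obj]
    if isinstance(obj, dict):
        out = {k: _serialize(v, escape) for k, v in obj.items()}
        if escape and "lc" in obj:
            return {"lc": 1, "type": ESCAPE_TYPE, "value": out}
        return out
    return obj


def _revive(obj: Any, secrets_from_env: bool, unescape: bool) -> Any:
    """Loader: any dict that looks like an envelope is interpreted."""
    if isinstance(obj, list):
        return [_revive(x, secrets_from_env, unescape) for x in obj]
    if not isinstance(obj, dict):
        return obj
    if obj.get("lc") == 1 and "type" in obj:
        kind = obj["type"]
        if unescape and kind == ESCAPE_TYPE:
            # Escaped plain dict: restore it as data, never interpret it.
            return {k: _revive(v, secrets_from_env, unescape) for k, v in obj["value"].items()}
        if kind == "secret":
            name = obj["id"][0]
            if secrets_from_env and name in os.environ:
                return os.environ[name]          # env var flows into app data
            raise ValueError(f"secret {name!r} not provided")
        if kind == "constructor":
            cls = ALLOWED_CLASSES.get(tuple(obj["id"]))
            if cls is None:
                raise ValueError(f"constructor {obj['id']} not allowed")
            kwargs = {k: _revive(v, secrets_from_env, unescape)
                      for k, v in obj.get("kwargs", {}).items()}
            return cls(**kwargs)
    return {k: _revive(v, secrets_from_env, unescape) for k, v in obj.items()}


# Pre-fix behaviour: no escaping on dump, secrets resolved from env by default.
def dumps_vulnerable(obj: Any) -> str:
    return json.dumps(_serialize(obj, escape=False))


def loads_vulnerable(s: str) -> Any:
    return _revive(json.loads(s), secrets_from_env=True, unescape=False)


# Post-fix behaviour: "lc" in plain dicts escaped, env secrets opt-in.
def dumps_fixed(obj: Any) -> str:
    return json.dumps(_serialize(obj, escape=True))


def loads_fixed(s: str, secrets_from_env: bool = False) -> Any:
    return _revive(json.loads(s), secrets_from_env=secrets_from_env, unescape=True)


def attacker_tool_args() -> dict:
    """Constructed: JSON an injected prompt makes the model emit as tool-call arguments."""
    return {"lc": 1, "type": "secret", "id": ["OPENAI_API_KEY"]}


def run_scenario(dumps, loads) -> dict:
    """App stores a run (prompt object + model-produced tool args) and reloads it later."""
    os.environ["OPENAI_API_KEY"] = "sk-constructed-example-key"   # constructed secret
    record = {"prompt": ChatPromptTemplate("Summarize: {text}"),
              "tool_args": attacker_tool_args()}
    return loads(dumps(record))


def secret_envelope_without_env() -> str:
    """Hand-crafted secret envelope against the hardened loader's default."""
    try:
        loads_fixed(json.dumps(attacker_tool_args()))
    except ValueError as exc:
        return str(exc)
    return "resolved"


if __name__ == "__main__":
    print("vulnerable:", run_scenario(dumps_vulnerable, loads_vulnerable)["tool_args"])
    print("fixed:     ", run_scenario(dumps_fixed, loads_fixed)["tool_args"])
    print("hardened default:", secret_envelope_without_env())
```

With the vulnerable pair, the model-controlled dict comes back as the value of `OPENAI_API_KEY`; with the fixed pair it comes back as the same plain dict it went in as, while the genuine `ChatPromptTemplate` still round-trips, and a raw secret envelope is refused unless the caller opts in. To check a deployment, confirm `langchain-core` is at least 0.3.81 (0.3.x line) or 1.2.5 (1.x line) and audit every call that loads serialized data which has passed through model output.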