GenAI Red Team Handbook: Exploitation of Sandbox with CVE-2025-68664 (`langchain-core 1.2.4`) by felipepenha · Pull Request #784 · OWASP/www-project-top-10-for-large-language-model-applications

felipepenha · 2025-12-27T07:35:47Z

GenAI Red Team Handbook_ Exploitation of Sandbox with CVE-2025-68664 (`langchain-core 1.2.4`)

Key Changes:

List major changes and core updates
- initiatives/genai_red_team_handbook/sandboxes/llm_local_langchain_core_v1.2.4
- initiatives/genai_red_team_handbook/exploitation/CVE-2025-68664
Keep each line under 80 characters
Focus on the "what" and "why"
Exploitation of Sandbox with CVE-2025-68664 (langchain-core<1.2.5)

Added:

New features/functionality
New files/configurations
New dependencies

felipepenha · 2025-12-27T07:36:37Z

This will be kept as a Draft PR, until after #781 is approved and merged.

…5-68664

felipepenha · 2025-12-28T07:36:53Z

I decided to rename dir CVE-2025-68664 to LangGrinch to make it easier to identify and differentiate in the future. The CVE id is still present in the documentation, though. I think having dir names as CVE codes may not be the best idea. Better to have nicknames and/or short descriptors.

Felipe Campos Penha added 3 commits December 26, 2025 23:02

feat: sandbox langchain-core 1.2.4 with CVE-2025-68664.

53fb8dd

fix: llm_local_langchain_core_v1.2.4 namespace.

912412c

add: successful exploitation of CVE-2025-68664.

c3e0d50

add: report with CVE-2025-68664 outputs.

5836f10

rossja marked this pull request as ready for review December 28, 2025 02:23

rossja self-requested a review as a code owner December 28, 2025 02:23

rossja approved these changes Dec 28, 2025

View reviewed changes

felipepenha requested a review from rossja December 28, 2025 03:20

Felipe Campos Penha added 4 commits December 27, 2025 22:15

refactor: ran black and isort.

c24d853

docs.

c8a244b

refactor: makefile.

797ec52

Merge branch 'main' into genai-red-team-handbook-exploitation-CVE-202…

5b738d1

…5-68664

felipepenha force-pushed the CVE-2025-68664 branch from 34f6b0c to 5b738d1 Compare December 28, 2025 06:26

Felipe Campos Penha added 3 commits December 27, 2025 23:16

revision: readme and makefile files.

d8552f7

docs.

b99b6b9

docs.

3548154

rename: CVE-2025-68664 to LangGrinch.

7434035

felipepenha force-pushed the CVE-2025-68664 branch from 553d5fe to 7434035 Compare December 28, 2025 07:42

Felipe Campos Penha added 3 commits December 28, 2025 00:13

docs.

6e9d362

Merge branch 'main' into CVE-2025-68664

a6eeaf9

docs: minor revision.

c465f8f

felipepenha mentioned this pull request Jan 8, 2026

LangGrinch: Exploitation of Vulnerable Sandbox CVE-2025-68664 GenAI-Security-Project/GenAI-Red-Team-Lab#1

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

GenAI Red Team Handbook: Exploitation of Sandbox with CVE-2025-68664 (`langchain-core 1.2.4`)#784

GenAI Red Team Handbook: Exploitation of Sandbox with CVE-2025-68664 (`langchain-core 1.2.4`)#784
felipepenha wants to merge 15 commits into
OWASP:mainfrom
felipepenha:CVE-2025-68664

felipepenha commented Dec 27, 2025 •

edited

Loading

Uh oh!

felipepenha commented Dec 27, 2025

Uh oh!

felipepenha commented Dec 28, 2025 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Uh oh!

Conversation

felipepenha commented Dec 27, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

GenAI Red Team Handbook_ Exploitation of Sandbox with CVE-2025-68664 (langchain-core 1.2.4)

Uh oh!

felipepenha commented Dec 27, 2025

Uh oh!

felipepenha commented Dec 28, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

felipepenha commented Dec 27, 2025 •

edited

Loading

GenAI Red Team Handbook_ Exploitation of Sandbox with CVE-2025-68664 (`langchain-core 1.2.4`)

felipepenha commented Dec 28, 2025 •

edited

Loading