CVE-2025-1752

High CVSS: 7.5

A Denial of Service (DoS) vulnerability has been identified in the KnowledgeBaseWebReader class of the run-llama/llama_index project, affecting version ~ latest(v0.12.15). The vulnerability arises due to inappropriate secure coding measures, specifically the lack of proper implementation of the max_depth parameter in the get_article_urls function. This allows an attacker to exhaust Python's recursion limit through repeated function calls, leading to resource consumption and ultimately crashing the Python process.

Vendor

Llamaindex

Product

Llamaindex

CWE

CWE-674

Yayın Tarihi

2025-05-10 14:15:32

Güncelleme

2025-10-15 13:16:01

Source Identifier

security@huntr.dev

KEV Date Added

Kategoriler

CWE-674 Llamaindex HIGH Llamaindex 2025

Referanslar

https://github.com/run-llama/llama_index/commit/3c65db2947271de3bd1927dc66a044da385de4da https://huntr.com/bounties/cd7b9082-7d75-42e4-84f5-dbee23cbc467 https://huntr.com/bounties/cd7b9082-7d75-42e4-84f5-dbee23cbc467

Benzer Kayıtlar

High

CVE-2024-14021

LlamaIndex (run-llama/llama_index) versions up to and including 0.11.6 contain an unsafe deserialization vulnerability i…

High

CVE-2024-58339

LlamaIndex (run-llama/llama_index) versions up to and including 0.12.2 contain an uncontrolled resource consumption vuln…

High

CVE-2025-7707

The llama_index library version 0.12.33 sets the NLTK data directory to a subdirectory of the codebase by default, which…

Medium

CVE-2025-6211

A vulnerability in the DocugamiReader class of the run-llama/llama_index repository, up to version 0.12.28, involves the…

High

CVE-2025-6209

A path traversal vulnerability exists in run-llama/llama_index versions 0.12.27 through 0.12.40, specifically within the…

Medium

CVE-2025-6210

A vulnerability in the ObsidianReader class of the run-llama/llama_index repository, specifically in version 0.12.27, al…