First published: Sat May 10 2025
A Denial of Service (DoS) vulnerability has been identified in the KnowledgeBaseWebReader class of the run-llama/llama_index project, affecting the latest version at the time of the report (v0.12.15). The vulnerability arises from inadequate secure coding practices, specifically the failure to enforce the max_depth parameter in the get_article_urls function. This allows an attacker to exhaust Python's recursion limit through repeated recursive calls, consuming resources and ultimately crashing the Python process.
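The pattern described above is easiest to see side by side: a recursive link walker that accepts a max_depth argument but never consults it, next to one that enforces the depth bound and a visited set. The following is an added, simplified illustration written for this page; it is not llama_index's KnowledgeBaseWebReader code, the function names are only modelled on the advisory, and the in-memory site graph (with a deliberate cycle between article-a and article-b) is constructed so the example runs offline.

```python
"""Bounded vs. unbounded recursive link crawling (illustration for CVE-2025-1752).

Added example, not llama_index's own code. A crawler that accepts max_depth
but never checks it will recurse until Python's recursion limit is hit on any
link graph that contains a cycle; the hardened version enforces max_depth and
tracks visited URLs so the walk always terminates.
"""
from __future__ import annotations

# Constructed in-memory "knowledge base": page URL -> links found on that page.
# Note the cycle article-a -> article-b -> article-a.
SITE: dict[str, list[str]] = {
    "https://kb.example/": ["https://kb.example/article-a", "https://kb.example/article-c"],
    "https://kb.example/article-a": ["https://kb.example/article-b"],
    "https://kb.example/article-b": ["https://kb.example/article-a", "https://kb.example/article-d"],
    "https://kb.example/article-c": [],
    "https://kb.example/article-d": [],
}


def fetch_links(url: str) -> list[str]:
    """Stand-in for an HTTP fetch plus HTML parse; reads the constructed graph."""
    return SITE.get(url, [])


def get_article_urls_unbounded(url: str, max_depth: int = 5, depth: int = 0) -> list[str]:
    """Vulnerable pattern: max_depth is accepted but never consulted.

    On a cyclic link graph this recurses until RecursionError is raised.
    """
    urls = [url]
    for link in fetch_links(url):
        urls.extend(get_article_urls_unbounded(link, max_depth, depth + 1))
    return urls


def get_article_urls_bounded(
    url: str, max_depth: int = 5, depth: int = 0, visited: set[str] | None = None
) -> list[str]:
    """Hardened pattern: stop at max_depth and never revisit a URL."""
    if visited is None:
        visited = set()
    if depth > max_depth or url in visited:
        return []
    visited.add(url)
    urls = [url]
    for link in fetch_links(url):
        urls.extend(get_article_urls_bounded(link, max_depth, depth + 1, visited))
    return urls


def crawl_exhausts_recursion(url: str) -> bool:
    """Return True if the unbounded walk hits Python's recursion limit."""
    try:
        get_article_urls_unbounded(url)
    except RecursionError:
        return True
    return False


if __name__ == "__main__":
    print("unbounded walk hits recursion limit:", crawl_exhausts_recursion("https://kb.example/"))
    print("bounded walk (max_depth=5):", get_article_urls_bounded("https://kb.example/"))
    print("bounded walk (max_depth=1):", get_article_urls_bounded("https://kb.example/", max_depth=1))
```

The depth check alone is enough to guarantee termination (the number of frames is bounded by max_depth), but without the visited set a graph with many cross-links still produces an exponential number of fetches before the depth bound is reached, so both controls belong together in any crawler that follows attacker-influenced links.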
Credit: security@huntr.dev
| Affected Software | Affected Version | How to fix |
|---|---|---|
| LlamaIndex | <0.12.15 | |
| pip/llama-index | >=0.12.15, <0.12.21 | 0.12.21 |
CVE-2025-1752 is classified as a Denial of Service (DoS) vulnerability.
To fix CVE-2025-1752, update the run-llama/llama_index software to a version later than 0.12.15.
CVE-2025-1752 affects all versions of LlamaIndex up to 0.12.15.
CVE-2025-1752 is caused by inadequate secure coding practices in the KnowledgeBaseWebReader class, specifically the unenforced max_depth parameter in get_article_urls.
The impact of CVE-2025-1752 can lead to a Denial of Service, potentially making your application unavailable.