CNNVD-202507-611 Information

CNNVD ID

CNNVD-202507-611

CVE-2025-3108

  • CNNVD Published: 2025-07-06

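Description (translated from Chinese)

LlamaIndex is an open-source data framework for LLM applications, developed by LlamaIndex. LlamaIndex versions 0.12.27 through 0.12.40 contain a security vulnerability that stems from insecure deserialization in the JsonPickleSerializer component and may lead to remote code execution.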

Description (English)

LlamaIndex is an open-source data framework for LLM applications. LlamaIndex 0.12.27 through 0.12.40 contains a security vulnerability stemming from unsafe deserialization in the JsonPickleSerializer component, which may lead to remote code execution.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

LlamaIndex

Published

2025-07-06

Last Modified

2026-02-24

References

  • https://github.com/run-llama/llama_index/commit/702e4340623092fac4cf2fe95eb9465034856da3
  • https://huntr.com/bounties/9b55a5e8-74e6-4241-b323-e360dc8b110a
  • https://access.redhat.com/security/cve/cve-2025-3108

Patch

https://github.com/run-llama/llama_index/releases
