CNNVD-202507-759 Information
Jul 07, 2025
cve
CNNVD ID
CNNVD-202507-759
Related CVE
- CNNVD Published: 2025-07-07
Description (Chinese)
LlamaIndex是LlamaIndex开源的一个 LLM 应用程序的数据框架。 LlamaIndex 0.12.21版本存在安全漏洞,该漏洞源于站点地图解析器存在XML实体扩展漏洞,可能导致拒绝服务攻击。
Description (English)
LlamaIndex is a data frame for an LLM application that is an open source for LlamaIndex. The LlamaIndex 0.12.21 version has a security loophole, which stems from the site map analyser ’ s presence of an XML entity extension loophole that could lead to a denial of service attack.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
LlamaIndex
Published
2025-07-07
Last Modified
2026-02-24
References
https://github.com/run-llama/llama_index/commit/4f6ee062b19212106a2632af9c9521fc7f0a3584 https://huntr.com/bounties/e33c0699-e9a2-49aa-837b-5363205637a2 https://access.redhat.com/security/cve/cve-2025-3225
Patch
https://github.com/run-llama/llama_index/releases
Share on: