CNNVD-202508-2975 Information

CNNVD ID

CNNVD-202508-2975

CVE-2025-5302

  • CNNVD Published: 2025-08-25

Description

LlamaIndex is an open-source data framework for LLM applications, developed by LlamaIndex. LlamaIndex v0.12.37 contains a security vulnerability caused by uncontrolled recursion when the JSONReader component parses deeply nested JSON files, which may lead to denial of service.

Hazard Level

Medium

Vulnerability Type

Other

Affected Vendor

LlamaIndex

Published

2025-08-25

Last Modified

2026-02-24

References

  • https://huntr.com/bounties/70041b81-de9e-4046-8c0e-6ccd557048a6
  • https://github.com/run-llama/llama_index/commit/c032843a02ce38fd8f284b2aa5a37fd1c17ae635
  • https://nvd.nist.gov/vuln/detail/CVE-2025-5302

Patch

https://github.com/run-llama/llama_index/releases
