CVE-2025-3225 Information
Jul 08, 2025
cve
Description
An XML Entity Expansion vulnerability also known as a ‘billion laughs’ attack exists in the sitemap parser of the run-llama/llama_index repository specifically affecting version v0.12.21. This vulnerability allows an attacker to supply a malicious Sitemap XML leading to a Denial of Service (DoS) by exhausting system memory and potentially causing a system crash. The issue is resolved in version v0.12.29.
Reference
https://github.com/run-llama/llama_index/commit/4f6ee062b19212106a2632af9c9521fc7f0a3584 https://huntr.com/bounties/e33c0699-e9a2-49aa-837b-5363205637a2
Related CNNVD
CNNVD-202507-759 (Published: 2025-07-07)
Share on: