Home > Vulnerability Database > CVE-2025-1752

Mend.io Vulnerability Database

CVE-2025-1752

Good to know:

Date: May 10, 2025

A Denial of Service (DoS) vulnerability has been identified in the KnowledgeBaseWebReader class of the run-llama/llama_index project, affecting version ~ latest(v0.12.15). The vulnerability arises due to inappropriate secure coding measures, specifically the lack of proper implementation of the max_depth parameter in the get_article_urls function. This allows an attacker to exhaust Python's recursion limit through repeated function calls, leading to resource consumption and ultimately crashing the Python process.

Severity Score

7.5

Related Resources (5)

Url: https://github.com/run-llama/llama_index

Url: https://huntr.com/bounties/cd7b9082-7d75-42e4-84f5-dbee23cbc467

Url: https://github.com/run-llama/llama_index/commit/3c65db2947271de3bd1927dc66a044da385de4da

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-1752

Url: https://www.mend.io/vulnerability-database/CVE-2025-1752

Severity Score

7.5

Weakness Type (CWE)

Uncontrolled Resource Consumption

CWE-400

Uncontrolled Recursion

CWE-674

Top Fix

Upgrade Version

Upgrade to version llama-index - 0.12.21;llama-index - 0.12.21;llama-index - 0.12.21;https://github.com/run-llama/llama_index.git - v0.12.21

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-1752

Good to know:

Date: May 10, 2025

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?