Home > Vulnerability Database > CVE-2025-1793

Mend.io Vulnerability Database

CVE-2025-1793

Good to know:

Date: June 4, 2025

Multiple vector store integrations in run-llama/llama_index version v0.12.21 have SQL injection vulnerabilities. These vulnerabilities allow an attacker to read and write data using SQL, potentially leading to unauthorized access to data of other users depending on the usage of the llama-index library in a web application.

Severity Score

9.8

Related Resources (5)

Url: https://github.com/run-llama/llama_index

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-1793

Url: https://github.com/run-llama/llama_index/commit/0008041e8dde8e519621388e5d6f558bde6ef42e

Url: https://huntr.com/bounties/8cb1555a-9655-4122-b0d6-60059e79183c

Url: https://www.mend.io/vulnerability-database/CVE-2025-1793

Severity Score

9.8

Weakness Type (CWE)

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CWE-89

Top Fix

Upgrade Version

Upgrade to version llama-index - 0.12.28;https://github.com/run-llama/llama_index.git - v0.12.28

Learn More

CVSS v3.1

Base Score:	9.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-1793

Good to know:

Date: June 4, 2025

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?