Home > Vulnerability Database > CVE-2025-5472

Mend.io Vulnerability Database

CVE-2025-5472

Good to know:

Date: July 7, 2025

The JSONReader in run-llama/llama_index versions 0.12.28 is vulnerable to a stack overflow due to uncontrolled recursive JSON parsing. This vulnerability allows attackers to trigger a Denial of Service (DoS) by submitting deeply nested JSON structures, leading to a RecursionError and crashing applications. The root cause is the unsafe recursive traversal design and lack of depth validation, which makes the JSONReader susceptible to stack overflow when processing deeply nested JSON. This impacts the availability of services, making them unreliable and disrupting workflows. The issue is resolved in version 0.12.38.

Severity Score

6.5

Related Resources (5)

Url: https://github.com/run-llama/llama_index

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-5472

Url: https://huntr.com/bounties/df187bda-7911-4823-a19a-e15b2c66b0d4

Url: https://github.com/run-llama/llama_index/commit/c032843a02ce38fd8f284b2aa5a37fd1c17ae635

Url: https://www.mend.io/vulnerability-database/CVE-2025-5472

Severity Score

6.5

Weakness Type (CWE)

Uncontrolled Recursion

CWE-674

Top Fix

Upgrade Version

Upgrade to version llama-index-core - 0.12.38;llama-index-core - 0.12.38;https://github.com/run-llama/llama_index.git - v0.12.38

Learn More

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-5472

Good to know:

Date: July 7, 2025

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?