CVE-2025-1752
Published 2025-05-10
Priority P3 · 40 · high · 7.5 (CVSS 3.0)
AV:N / AC:L / PR:N / UI:N / S:U / C:N / I:N / A:H
EPSS: 0.44% (35.0th percentile)
A Denial of Service (DoS) vulnerability has been identified in the KnowledgeBaseWebReader class of the run-llama/llama_index project, affecting version ~ latest (v0.12.15). The vulnerability arises from inadequate secure coding measures, specifically the lack of a proper implementation of the max_depth parameter in the get_article_urls function. This allows an attacker to exhaust Python's recursion limit through repeated function calls, leading to resource consumption and ultimately crashing the Python process.
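A minimal model of the flaw class described above, added here as an illustration; it is not code from llama_index. The names `build_chain`, `crawl_unbounded`, `crawl_bounded` and `unbounded_crashes` are hypothetical, and the nested category site is constructed sample input held in memory. It contrasts a recursive crawl that accepts max_depth without enforcing it with an iterative, depth-limited traversal.

```python
import sys
from collections import deque

def build_chain(n):
    """Constructed sample site: n nested category pages, one article each."""
    return {f"/cat/{i}": {"articles": [f"/art/{i}"],
                          "subcats": [f"/cat/{i + 1}"] if i + 1 < n else []}
            for i in range(n)}

def crawl_unbounded(site, url, max_depth=5):
    """Flawed pattern: max_depth is accepted but never checked."""
    page = site[url]
    found = list(page["articles"])
    for sub in page["subcats"]:
        # Call depth is dictated entirely by the crawled content.
        found += crawl_unbounded(site, sub, max_depth)
    return found

def crawl_bounded(site, start, max_depth=5):
    """Hardened pattern: iterative, depth-limited, safe against link cycles."""
    found, seen = [], {start}
    queue = deque([(start, 0)])
    while queue:
        url, depth = queue.popleft()
        page = site.get(url)
        if page is None:
            continue
        found.extend(page["articles"])
        if depth >= max_depth:
            continue  # stop descending once the limit is reached
        for sub in page["subcats"]:
            if sub not in seen:
                seen.add(sub)
                queue.append((sub, depth + 1))
    return found

def unbounded_crashes(site, start):
    """Report whether the flawed crawl exhausts the interpreter's recursion limit."""
    try:
        crawl_unbounded(site, start)
        return False
    except RecursionError:
        return True

if __name__ == "__main__":
    site = build_chain(sys.getrecursionlimit() + 100)
    print("unbounded hits RecursionError:", unbounded_crashes(site, "/cat/0"))
    print("bounded articles collected:", len(crawl_bounded(site, "/cat/0")))
```

In a service, an uncaught RecursionError in the first form ends the request or worker; the second form does a fixed amount of work per depth level regardless of how the crawled site is nested.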
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| llamaindex | llamaindex | < 0.3.6 | 0.3.6 |
| run-llama | run-llama_llama_index | >= unspecified < 0.3.6 | 0.3.6 |
CVSS provenance
nvd · v3.0 · 7.5 HIGH · CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
vendor_redhat · 7.5 HIGH
GHSA
LlamaIndex Vulnerable to Denial of Service (DoS)
ghsa·2025-05-10
CVE-2025-1752 [HIGH] CWE-400 LlamaIndex Vulnerable to Denial of Service (DoS)
OSV
LlamaIndex Vulnerable to Denial of Service (DoS)
osv·2025-05-10
CVE-2025-1752 [HIGH] LlamaIndex Vulnerable to Denial of Service (DoS)
Red Hat
llama-index: Denial of Service in run-llama/llama_index
vendor_redhat·2025-05-10·CVSS 7.5
CVE-2025-1752 [HIGH] CWE-400 llama-index: Denial of Service in run-llama/llama_index
A flaw was found in llama-index KnowledgeBaseWebReader. This vulnerability allows an application-level denial of service via crafting malicious input that exhausts Python's recursion limit.
Mitigation: Mitigation for this
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-05-10
Published