CVE-2025-1793
published 2025-06-05CVE-2025-1793: Multiple vector store integrations in run-llama/llama_index version v0.12.21 have SQL injection vulnerabilities. These vulnerabilities allow an attacker to…
PriorityP358critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
EPSS
0.58%
43.4th percentile
Multiple vector store integrations in run-llama/llama_index version v0.12.21 have SQL injection vulnerabilities. These vulnerabilities allow an attacker to read and write data using SQL, potentially leading to unauthorized access to data of other users depending on the usage of the llama-index library in a web application.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| llamaindex | llamaindex | >= 0.12.21 < 0.12.28 | 0.12.28 |
| run-llama | run-llama_llama_index | >= unspecified < 0.12.28 | 0.12.28 |
CVSS provenance
nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vendor_redhat9.8CRITICAL
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
llama_index vulnerable to SQL Injection
ghsa·2025-06-05
CVE-2025-1793 [CRITICAL] CWE-89 llama_index vulnerable to SQL Injection
llama_index vulnerable to SQL Injection
Multiple vector store integrations in run-llama/llama_index version v0.12.21 have SQL injection vulnerabilities. These vulnerabilities allow an attacker to read and write data using SQL, potentially leading to unauthorized access to data of other users depending on the usage of the llama-index library in a web application.
OSV
llama_index vulnerable to SQL Injection
osv·2025-06-05
CVE-2025-1793 [CRITICAL] llama_index vulnerable to SQL Injection
llama_index vulnerable to SQL Injection
Multiple vector store integrations in run-llama/llama_index version v0.12.21 have SQL injection vulnerabilities. These vulnerabilities allow an attacker to read and write data using SQL, potentially leading to unauthorized access to data of other users depending on the usage of the llama-index library in a web application.
Red Hat
llama-index: LlamaIndex SQL Injection Vulnerability
vendor_redhat·2025-06-05·CVSS 9.8
CVE-2025-1793 [CRITICAL] CWE-89 llama-index: LlamaIndex SQL Injection Vulnerability
llama-index: LlamaIndex SQL Injection Vulnerability
Multiple vector store integrations in run-llama/llama_index version v0.12.21 have SQL injection vulnerabilities. These vulnerabilities allow an attacker to read and write data using SQL, potentially leading to unauthorized access to data of other users depending on the usage of the llama-index library in a web application.
A flaw was found in llama-index. SQL injection vulnerabilities exist within multiple vector store integrations in version v0.12.21, allowing an attacker to execute arbitrary SQL queries. This issue enables unauthorized reading and writing of data via crafted SQL commands. Successful exploitation can lead to data breaches and potential compromise of data belonging to other users, which can be triggered remotely without
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-06-05
Published