CVE-2025-5302
Published 2025-08-25
Priority: P3 · 45 · high · 8.6 (CVSS 3.0)
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:L / I:L / A:H
EPSS: 0.26% (17.3rd percentile)
A denial of service vulnerability exists in the JSONReader component of the run-llama/llama_index repository, specifically in version v0.12.37. The vulnerability is caused by uncontrolled recursion when parsing deeply nested JSON files, which can lead to Python hitting its maximum recursion depth limit. This results in high resource consumption and potential crashes of the Python process. The issue is resolved in version 0.12.38.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| run-llama | run-llama_llama_index | >= unspecified < 0.12.38 | 0.12.38 |
CVSS provenance
nvd · v3.0 · 8.6 HIGH · CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
vendor_redhat · 8.6 HIGH
GHSA
LlamaIndex affected by a Denial of Service (DOS) in JSONReader
ghsa·2025-08-26
CVE-2025-5302 [HIGH] CWE-674 LlamaIndex affected by a Denial of Service (DOS) in JSONReader
OSV
LlamaIndex affected by a Denial of Service (DOS) in JSONReader
osv·2025-08-26
CVE-2025-5302 [HIGH] LlamaIndex affected by a Denial of Service (DOS) in JSONReader
Red Hat
llama_index: Denial of Service (DOS) in JSONReader in run-llama/llama_index
vendor_redhat·2025-08-25·CVSS 8.6
CVE-2025-5302 [HIGH] CWE-674 llama_index: Denial of Service (DOS) in JSONReader in run-llama/llama_index
A flaw was found in the JSONReader component of the llama_index Python package, where the _depth_first_yield function has no limit on the number of times it calls itself recursively. This vulnerability causes Python to reach its maximum recursion depth when parsing deeply nested JSON files. T
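The failure mode described above, as an added illustration that is not llama_index's code: a simplified recursive depth-first JSON walker with no depth check, beside an iterative variant that rejects documents nested deeper than a configured limit. The function names, the MAX_DEPTH value and the sample documents are assumptions constructed for this example.

```python
import json
import sys
from typing import Any, Iterator

MAX_DEPTH = 64  # assumed policy limit, not a value from the advisory

def depth_first_yield_unbounded(node: Any, path: tuple = ()) -> Iterator[str]:
    # No depth check: each nesting level adds a frame until RecursionError.
    if isinstance(node, dict):
        for key, value in node.items():
            yield from depth_first_yield_unbounded(value, path + (str(key),))
    elif isinstance(node, list):
        for value in node:
            yield from depth_first_yield_unbounded(value, path)
    else:
        yield "/".join(path) + " " + json.dumps(node)

def depth_first_yield_bounded(node: Any, max_depth: int = MAX_DEPTH) -> Iterator[str]:
    # Iterative (explicit stack) and rejects nesting deeper than max_depth.
    stack = [(node, (), 0)]
    while stack:
        node, path, depth = stack.pop()
        if depth > max_depth:
            raise ValueError(f"JSON nesting deeper than max_depth={max_depth}")
        if isinstance(node, dict):  # push in reverse to keep document order
            for key, value in reversed(list(node.items())):
                stack.append((value, path + (str(key),), depth + 1))
        elif isinstance(node, list):
            for value in reversed(node):
                stack.append((value, path, depth + 1))
        else:
            yield "/".join(path) + " " + json.dumps(node)

def run(traversal, node: Any) -> str:
    try:  # drain the traversal and report how it ended
        return f"ok: {sum(1 for _ in traversal(node))} leaves"
    except (RecursionError, ValueError) as exc:
        return type(exc).__name__

def demo() -> dict[str, str]:
    shallow = {"a": {"b": [1, 2]}, "c": "x"}  # constructed document
    deep: Any = "leaf"  # constructed: leaf wrapped in 2x the recursion limit
    for _ in range(sys.getrecursionlimit() * 2):
        deep = [deep]
    return {
        "shallow_unbounded": run(depth_first_yield_unbounded, shallow),
        "shallow_bounded": run(depth_first_yield_bounded, shallow),
        "deep_unbounded": run(depth_first_yield_unbounded, deep),
        "deep_bounded": run(depth_first_yield_bounded, deep),
    }
```

Both walkers produce identical output on ordinary documents; only the bounded one fails closed with a clear ValueError instead of a RecursionError deep inside the interpreter.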
Citrix
Citrix Security Bulletin CTX213769
vendor_citrix·CVSS 9.8
CVE-2016-5302 [CRITICAL] Citrix Security Bulletin CTX213769
CVE References: CVE-2016-5302, CVE-2025-12101, CVE-2025-62626, CVE-2026-23554, CVE-2026-3055, CVE-2026-4368, CVE-2026-4397
Affected Products: Citrix ADM, Citrix Hypervisor, Citrix Virtual Apps and Desktops, Endpoint Management, NetScaler ADC, NetScaler Gateway, XenServer
Citrix
Citrix Security Bulletin CTX213549
vendor_citrix·CVSS 9.8
CVE-2016-5302 [CRITICAL] Citrix Security Bulletin CTX213549
CVE References: CVE-2016-5302, CVE-2025-12101, CVE-2025-62626, CVE-2026-23554, CVE-2026-3055, CVE-2026-4368, CVE-2026-4397
Affected Products: Citrix ADM, Citrix Hypervisor, Citrix Virtual Apps and Desktops, Endpoint Management, NetScaler ADC, NetScaler Gateway, XenServer
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2025-08-25