CVE-2025-6208
published 2026-02-02CVE-2025-6208: The `SimpleDirectoryReader` component in `llama_index.core` version 0.12.23 suffers from uncontrolled memory consumption due to a resource management flaw. The…
PriorityP429medium5.3CVSS 3.0
AVNACLPRNUINSUCNINAL
EPSS
0.37%
28.9th percentile
The `SimpleDirectoryReader` component in `llama_index.core` version 0.12.23 suffers from uncontrolled memory consumption due to a resource management flaw. The vulnerability arises because the user-specified file limit (`num_files_limit`) is applied after all files in a directory are loaded into memory. This can lead to memory exhaustion and degraded performance, particularly in environments with limited resources. The issue is resolved in version 0.12.41.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| run-llama | run-llama_llama_index | >= unspecified < 0.12.41 | 0.12.41 |
CVSS provenance
nvdv3.05.3MEDIUMCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
vendor_redhat5.3MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
llama-index-core vulnerable to Uncontrolled Resource Consumption
ghsa·2026-02-02
CVE-2025-6208 [MEDIUM] CWE-400 llama-index-core vulnerable to Uncontrolled Resource Consumption
llama-index-core vulnerable to Uncontrolled Resource Consumption
The `SimpleDirectoryReader` component in `llama_index.core` version 0.12.23 suffers from uncontrolled memory consumption due to a resource management flaw. The vulnerability arises because the user-specified file limit (`num_files_limit`) is applied after all files in a directory are loaded into memory. This can lead to memory exhaustion and degraded performance, particularly in environments with limited resources. The issue is resolved in version 0.12.41.
OSV
llama-index-core vulnerable to Uncontrolled Resource Consumption
osv·2026-02-02
CVE-2025-6208 [MEDIUM] llama-index-core vulnerable to Uncontrolled Resource Consumption
llama-index-core vulnerable to Uncontrolled Resource Consumption
The `SimpleDirectoryReader` component in `llama_index.core` version 0.12.23 suffers from uncontrolled memory consumption due to a resource management flaw. The vulnerability arises because the user-specified file limit (`num_files_limit`) is applied after all files in a directory are loaded into memory. This can lead to memory exhaustion and degraded performance, particularly in environments with limited resources. The issue is resolved in version 0.12.41.
Red Hat
llama_index: llama_index: Denial of Service due to uncontrolled memory consumption in SimpleDirectoryReader
vendor_redhat·2026-02-02·CVSS 5.3
CVE-2025-6208 [MEDIUM] CWE-1050 llama_index: llama_index: Denial of Service due to uncontrolled memory consumption in SimpleDirectoryReader
llama_index: llama_index: Denial of Service due to uncontrolled memory consumption in SimpleDirectoryReader
The `SimpleDirectoryReader` component in `llama_index.core` version 0.12.23 suffers from uncontrolled memory consumption due to a resource management flaw. The vulnerability arises because the user-specified file limit (`num_files_limit`) is applied after all files in a directory are loaded into memory. This can lead to memory exhaustion and degraded performance, particularly in environments with limited resources. The issue is resolved in version 0.12.41.
A flaw was found in llama_index. The `SimpleDirectoryReader` component loads all files from a specified directory into memory before applying a user-defined file limit. This resource management flaw allows an attacker to cause un
No detection rules found.
No public exploits indexed.
2026-02-02
Published