AI Threat Alert

CVE-2025-3108

GHSA-m84c-4c34-28gf MEDIUM
Published July 7, 2025

Incomplete Documentation of Program Execution exists in the run-llama/llama_index library's JsonPickleSerializer component, affecting versions v0.12.27 through v0.12.40. This vulnerability allows...

Full analysis pending. Showing NVD description excerpt.

Affected Systems

Package Ecosystem Vulnerable Range Patched
llama-index-core pip >= 0.11.15, <= 0.12.40 0.12.41

Do you use llama-index-core? You're affected.

Severity & Risk

CVSS 3.1
5.0 / 10
EPSS
1.1%
chance of exploitation in 30 days
KEV Status
Not in KEV
Sophistication
N/A

Recommended Action

Patch available

Update llama-index-core to version 0.12.41

Compliance Impact

Compliance analysis pending. Sign in for full compliance mapping when available.

Technical Details

NVD Description

Incomplete Documentation of Program Execution exists in the run-llama/llama_index library's JsonPickleSerializer component, affecting versions v0.12.27 through v0.12.40. This vulnerability allows remote code execution due to an insecure fallback to Python's pickle module. JsonPickleSerializer prioritizes deserialization using pickle.loads(), which can execute arbitrary code when processing untrusted data. Attackers can exploit this by crafting malicious payloads to achieve full system compromise. The root cause involves the use of an insecure fallback strategy without sufficient input validation or protective safeguards. Version 0.12.41 renames JsonPickleSerializer to PickleSerializer and adds a warning to the docs to only use PickleSerializer to deserialize safe things.

Weaknesses (CWE)

CWE-1112 Incomplete Documentation of Program Execution Primary

CVSS Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

References

Timeline

Published
July 7, 2025
Last Modified
July 7, 2025
First Seen
March 24, 2026
Back to Threat Feed