AI Threat Alert

CVE-2025-5302

GHSA-7753-xrfw-ch36 HIGH
Published August 26, 2025

A denial of service vulnerability exists in the JSONReader component of the run-llama/llama_index repository, specifically in version v0.12.37. The vulnerability is caused by uncontrolled recursion...

Full analysis pending. Showing NVD description excerpt.

Affected Systems

Package Ecosystem Vulnerable Range Patched
llama-index-core pip < 0.12.38 0.12.38

Do you use llama-index-core? You're affected.

Severity & Risk

CVSS 3.1
8.6 / 10
EPSS
0.1%
chance of exploitation in 30 days
KEV Status
Not in KEV
Sophistication
N/A

Recommended Action

Patch available

Update llama-index-core to version 0.12.38

Compliance Impact

Compliance analysis pending. Sign in for full compliance mapping when available.

Technical Details

NVD Description

A denial of service vulnerability exists in the JSONReader component of the run-llama/llama_index repository, specifically in version v0.12.37. The vulnerability is caused by uncontrolled recursion when parsing deeply nested JSON files, which can lead to Python hitting its maximum recursion depth limit. This results in high resource consumption and potential crashes of the Python process. The issue is resolved in version 0.12.38.

Weaknesses (CWE)

CWE-674 Uncontrolled Recursion Primary

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

References

Timeline

Published
August 26, 2025
Last Modified
August 26, 2025
First Seen
March 24, 2026
Back to Threat Feed