CVE-2025-5302 — Vulnetix

Try Vulnetix Request Demo

CVE-2025-5302 PUBLISHED CVSS 8.600000381469727 HIGH

A denial of service vulnerability exists in the JSONReader component of the run-llama/llama_index repository, specifically in version v0.12.37. The vulnerability is caused by uncontrolled recursion when parsing deeply nested JSON files, which can lead to Python hitting its maximum recursion depth limit. This results in high resource consumption and potential crashes of the Python process. The issue is resolved in version 0.12.38.

EPSS 0.06% · 18.2th percentile

Risk Scores

CVSS v3.0

8.600000381469727

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

EPSS Score

0.06%

18.2th percentile

Affected Products

Vendor	Product	Versions
PyPI	llama-index-core	0
run-llama	run-llama/llama_index	unspecified

Timeline

Aug 25, 2025 CVE Published
Aug 25, 2025 CVE Updated
Aug 26, 2025 EPSS Score
Aug 26, 2025 Coalition ESS Score
Aug 26, 2025 PoC Published
Sep 2, 2025 EPSS Score
Sep 10, 2025 EPSS Score
Sep 17, 2025 EPSS Score
Sep 24, 2025 EPSS Score
Oct 1, 2025 EPSS Score
Oct 4, 2025 Coalition ESS Score
Oct 6, 2025 Coalition ESS Score

References

Open in Interactive Console →