Denial of Service Vulnerability in KnowledgeBaseWebReader Class of run-llama Product
CVE-2025-1752

7.5HIGH

Key Information:

Vendor: Run-llama
Status: Run-llama/llama Index
Vendor: CVE Published:; 10 May 2025

What is CVE-2025-1752?

A Denial of Service vulnerability exists in the KnowledgeBaseWebReader class of run-llama's llama_index project, specifically from version v0.12.15. Due to insufficient secure coding practices, particularly with the max_depth parameter in the get_article_urls function, attackers can exploit this vulnerability. They can repeatedly invoke this function to exhaust Python's recursion limit, leading to high resource consumption and the eventual crash of the Python process, making it a significant concern for users relying on this service.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

run-llama/llama_index < 0.3.6

References

https://huntr.com/bounties/cd7b9082-7d75-42e4-84f5-dbee23...

https://github.com/run-llama/llama_index/commit/3c65db294...

CVSS V3.0

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 10, 2025
Vulnerability Reserved
Feb 27, 2025

JSON

Run-llama

What is CVE-2025-1752?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.0

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.