Denial of Service Vulnerability in Llama Index JSONReader Component by Run Llama
CVE-2025-5302

8.6HIGH

Key Information:

Vendor: Run-llama
Status: Run-llama/llama Index
Vendor: CVE Published:; 25 August 2025

What is CVE-2025-5302?

A denial of service vulnerability has been identified in the JSONReader component of the Llama Index repository, specifically in version v0.12.37. This issue arises from uncontrolled recursion during the parsing of deeply nested JSON files, which can cause Python to exceed its maximum recursion depth limit. Consequently, this leads to high resource consumption and potential crashes of the Python process. The vulnerability has been addressed in version v0.12.38 of the Llama Index, where the underlying issue has been resolved.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

run-llama/llama_index < 0.12.38

References

https://huntr.com/bounties/70041b81-de9e-4046-8c0e-6ccd55...

https://github.com/run-llama/llama_index/commit/c032843a0...

CVSS V3.0

Score:

8.6

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 25, 2025
Vulnerability Reserved
May 28, 2025

JSON

Run-llama