Stack Overflow Vulnerability in run-llama/llama_index Product
CVE-2025-5472
What is CVE-2025-5472?
CVE-2025-5472 is a serious stack overflow vulnerability found in the JSONReader component of the run-llama/llama_index software, specifically in versions up to 0.12.28. This software is used for processing and parsing JSON data, a common format for data exchange in applications. The vulnerability arises from uncontrolled recursive JSON parsing, which allows attackers to send deeply nested JSON structures. This can lead to a RecursionError, crashing the application and making services unavailable. This flaw not only threatens the integrity of the systems using this software but can significantly disrupt workflows and business operations, compromising the reliability of the services that rely on it.
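The failure mode described above (a recursive parser driven past the interpreter's stack limit by nesting alone) can be caught before the parser is ever invoked. The following is an added example, not code from llama_index or from its fix: a non-recursive pre-parse check that measures bracket nesting in a single pass and refuses any document deeper than a configured bound. The names `nesting_depth`, `bounded_loads`, `JSONTooDeepError`, the policy value `DEFAULT_MAX_DEPTH` and the two sample documents are all assumptions constructed for this illustration.

```python
import json
from typing import Any, Optional

# Constructed sample inputs for the demonstration (not taken from the advisory).
SHALLOW_DOC = '{"id": 7, "tags": ["a", "b"], "meta": {"nested": [1, 2]}}'
DEEP_DOC = "[" * 5000 + "]" * 5000  # deeper than CPython's default recursion limit of 1000

DEFAULT_MAX_DEPTH = 100  # assumed policy value; set it to what your documents legitimately need


def nesting_depth(text: str, limit: Optional[int] = None) -> int:
    """Return the maximum [] / {} nesting depth of a JSON document.

    Single iterative pass: O(n) time, O(1) extra memory and no recursion, so the
    guard itself cannot raise RecursionError. Brackets inside string literals
    (including escaped quotes) are ignored. If ``limit`` is given, scanning stops
    as soon as the depth exceeds it and that depth is returned. Syntactic
    validity is not checked here; that is left to json.loads.
    """
    depth = max_depth = 0
    in_string = escaped = False
    for ch in text:
        if in_string:
            if escaped:
                escaped = False
            elif ch == "\\":
                escaped = True
            elif ch == '"':
                in_string = False
        elif ch == '"':
            in_string = True
        elif ch in "[{":
            depth += 1
            if depth > max_depth:
                max_depth = depth
                if limit is not None and max_depth > limit:
                    return max_depth  # early exit: the bound is already violated
        elif ch in "]}":
            depth -= 1
    return max_depth


class JSONTooDeepError(ValueError):
    """Raised when a document's nesting exceeds the configured bound."""


def bounded_loads(text: str, max_depth: int = DEFAULT_MAX_DEPTH) -> Any:
    """Parse JSON only after confirming its nesting depth is within ``max_depth``."""
    depth = nesting_depth(text, limit=max_depth)
    if depth > max_depth:
        raise JSONTooDeepError(
            f"refusing to parse: nesting depth {depth} exceeds limit {max_depth}"
        )
    return json.loads(text)


def demo() -> dict:
    """Run the guard over the constructed samples and report what happened."""
    results = {
        "shallow_depth": nesting_depth(SHALLOW_DOC),
        "deep_depth": nesting_depth(DEEP_DOC),
        "shallow_parsed": bounded_loads(SHALLOW_DOC),
    }
    try:
        bounded_loads(DEEP_DOC)
        results["deep_rejected"] = False
    except JSONTooDeepError:
        results["deep_rejected"] = True
    return results


if __name__ == "__main__":
    print(demo())
```

The check is cheap enough to run on every document at the ingestion boundary, and because it rejects the input rather than raising RecursionError deep inside the parser, a rejection can be logged with the offending depth and the source of the document, which turns an opaque crash into a detectable event.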
Potential impact of CVE-2025-5472
- Denial of Service (DoS): The most immediate impact of CVE-2025-5472 is the potential for Denial of Service. By exploiting this vulnerability, an attacker can submit crafted JSON input that causes the application to crash, resulting in service outages and loss of accessibility to critical functions.
- Service Unavailability: The stack overflow caused by the recursive parsing can lead to repeated crashes of applications, making them unreliable. This lack of availability can hinder business operations and disrupt user experiences, forcing organizations to invest time and resources in troubleshooting and applying fixes.
- Workflow Disruption: Given that run-llama/llama_index may be integrated into larger systems and workflows, any downtime resulting from this vulnerability can cascade into broader operational inefficiencies, impacting dependent processes and potentially leading to financial losses or reputational damage.
Affected Version(s)
run-llama/llama_index < 0.12.38