Remote Code Execution Vulnerability in Llama Stack by Llama Stack
CVE-2025-55178

5.3MEDIUM

Key Information:

Vendor

Meta Platforms, Inc

Status
Llama Stack
Vendor
CVE Published:
24 September 2025

What is CVE-2025-55178?

Llama Stack versions prior to v0.2.20 contain a vulnerability in the resolve_ast_by_type function that accepts unverified parameters. This flaw may allow malicious actors to execute arbitrary code remotely, compromising the integrity and security of systems using the affected versions. Users are urged to upgrade to v0.2.20 or later to mitigate potential risks.

Affected Version(s)

Llama Stack 0.0.0 < 0.2.20

References

https://www.facebook.com/security/advisories/cve-2025-55178
x_refsource_CONFIRM
https://github.com/llamastack/llama-stack/pull/3281
x_refsource_CONFIRM
https://github.com/llamastack/llama-stack/releases/tag/v0...
x_refsource_CONFIRM

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2025-55178 : Remote Code Execution Vulnerability in Llama Stack by Llama Stack