Resource Management Flaw in llama_index Core Affects Memory Consumption
CVE-2025-6208

5.3MEDIUM

Key Information:

Vendor: Run-llama
Status: Run-llama/llama Index
Vendor: CVE Published:; 2 February 2026

What is CVE-2025-6208?

The SimpleDirectoryReader component in llama_index.core version 0.12.23 contains a vulnerability that leads to uncontrolled memory consumption. This issue occurs because the specified file limit (num_files_limit) is enforced only after the entire directory's contents are loaded into memory. As a result, this design flaw can cause significant memory exhaustion, especially in resource-constrained environments, leading to performance degradation. To mitigate this issue, users are encouraged to upgrade to version 0.12.41, where the vulnerability has been addressed.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

run-llama/llama_index < 0.12.41

References

https://huntr.com/bounties/7d722bb6-6567-4608-8b23-f95048...

https://github.com/run-llama/llama_index/commit/53614e2f7...

CVSS V3.0

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 2, 2026
Vulnerability Reserved
Jun 17, 2025

JSON

Run-llama

What is CVE-2025-6208?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.0

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.