PT-2025-20625 · Run Llama · Llama Index

Published

2025-02-02

·

Updated

2026-01-11

·

CVE-2025-1752

CVSS v2.0

7.8

High

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions: run-llama/llama_index, all versions up to the latest release (v0.12.15)
Description: A Denial of Service (DoS) issue has been identified in the KnowledgeBaseWebReader class due to inadequate secure coding practices. Specifically, the `get_article_urls` function accepts a `max_depth` parameter but does not enforce it, so an attacker can drive repeated recursive calls until Python's recursion limit is exhausted. This consumes resources and ultimately crashes the Python process.
Recommendations: For versions up to the latest release (v0.12.15), consider disabling the `get_article_urls` function until a patch is available to prevent exploitation. Restrict access to the KnowledgeBaseWebReader class to minimize the risk of resource consumption. Avoid using the `max_depth` parameter in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
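The description above says the depth limit is accepted but never applied. The following is an added illustration, not code from llama_index and not its `get_article_urls`: a constructed in-memory link graph with a cycle, a crawler that takes `max_depth` but ignores it, and a hardened variant that enforces the depth bound and a visited set.

```python
# Constructed knowledge-base link graph (URL -> linked URLs) for this example.
# The a -> b -> c -> a cycle is what makes an unbounded recursive crawl run away.
KB_LINKS = {
    "https://kb.example/a": ["https://kb.example/b"],
    "https://kb.example/b": ["https://kb.example/c", "https://kb.example/a"],
    "https://kb.example/c": ["https://kb.example/a"],
}


def collect_urls_unbounded(url, links, depth=0, max_depth=1):
    """Accepts max_depth but never checks it (hypothetical stand-in for the
    flawed pattern): every link recurses again, so a cyclic link graph
    recurses until Python raises RecursionError."""
    found = [url]
    for child in links.get(url, []):
        found.extend(collect_urls_unbounded(child, links, depth + 1, max_depth))
    return found


def collect_urls_bounded(url, links, depth=0, max_depth=1, seen=None):
    """Hardened variant: stop once depth exceeds max_depth and skip URLs that
    were already visited, so neither cycles nor deep link chains can exhaust
    the recursion limit."""
    if seen is None:
        seen = set()
    if depth > max_depth or url in seen:
        return []
    seen.add(url)
    found = [url]
    for child in links.get(url, []):
        found.extend(collect_urls_bounded(child, links, depth + 1, max_depth, seen))
    return found


def unbounded_crawl_fails(url="https://kb.example/a", links=KB_LINKS):
    """True if the unenforced-depth crawl of the cyclic graph hits RecursionError."""
    try:
        collect_urls_unbounded(url, links, max_depth=1)
    except RecursionError:
        return True
    return False


if __name__ == "__main__":
    print("unbounded crawl crashed:", unbounded_crawl_fails())
    print("bounded crawl, max_depth=1:",
          collect_urls_bounded("https://kb.example/a", KB_LINKS, max_depth=1))
```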

Exploit

DoS

Uncontrolled Recursion

Resource Exhaustion

Weakness Enumeration

Related Identifiers

BDU:2025-06394
CVE-2025-1752
GHSA-7C85-87CP-MR6G

Affected Products

Llama Index