PT-2025-23892 · Unknown · Llama Index

Published: 2025-06-05 · Updated: 2026-02-19 · CVE-2025-1793

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the vulnerable software and affected versions: llama-index versions prior to 0.12.28
Description: Multiple vector store integrations in run-llama/llama_index have SQL injection vulnerabilities that allow an attacker to read and write data through SQL. Depending on how the llama-index library is used in a web application, this can lead to unauthorized access to other users' data.
Recommendations: For versions prior to 0.12.28, update to version 0.12.28 or later, which resolves the SQL injection vulnerabilities. As a temporary workaround, restrict access to the vulnerable vector store integrations until the patch can be applied, avoid issuing SQL queries that an attacker could influence through the affected API endpoints until the issue is resolved, and restrict access to sensitive data to limit the impact of exploitation.

SQL injection


Weakness Enumeration

Related Identifiers

CVE-2025-1793
GHSA-V3C8-3PR6-GR7P

Affected Products

Llama Index