PT-2025-26161 · Unknown · Llama-Index-Core+1
Published
2025-06-18
·
Updated
2026-02-02
·
CVE-2025-6208
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
Name of the Vulnerable Software and Affected Versions
llama index versions prior to 0.12.42
llama index.core versions prior to 0.12.42
Description
The
SimpleDirectoryReader component in llama index.core is subject to uncontrolled memory consumption due to a flaw in resource management. The num files limit parameter is applied after all files in a directory are loaded into memory, potentially leading to memory exhaustion and performance degradation, especially in resource-constrained environments.Recommendations
Update to version 0.12.42 or later.
Update to version 0.12.41 or later.
Fix
Resource Exhaustion
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Llama Index
Llama-Index-Core