PT-2025-28091 · Unknown · Llama Index

Astrabert · Published 2025-06-04 · Updated 2025-07-30 · CVE-2025-3108

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: llama index versions v0.12.27 through v0.12.40
Description: A critical deserialization vulnerability exists in the JsonPickleSerializer component of the llama index library. This vulnerability allows remote code execution due to an insecure fallback to Python's pickle module. The JsonPickleSerializer prioritizes deserialization using pickle.loads(), which can execute arbitrary code when processing untrusted data. Attackers can exploit this by crafting malicious payloads to achieve full system compromise. The root cause includes an insecure fallback mechanism, lack of validation or safeguards, misleading design, and violation of Python security guidelines.
Recommendations: For versions v0.12.27 through v0.12.40, consider disabling the JsonPickleSerializer component until a patch is available. Restrict access to the pickle.loads() function to minimize the risk of exploitation. Avoid using the JsonPickleSerializer component with untrusted data until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
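An added example, not code from this advisory or from the llama index project: a constructed model of the deserialization order described above (pickle tried first, JSON as fallback) beside a JSON-only loader that never calls pickle. All function names and both sample inputs are assumptions made for illustration; the pickled sample is a harmless set.

```python
import base64
import json
import pickle

class UntrustedFormatError(ValueError):
    """Input is not plain JSON (hypothetical error type for this example)."""

def insecure_loads(value: str):
    # Constructed model of the flaw: pickle runs first on caller-supplied
    # data, and JSON is only reached when unpickling fails.
    try:
        return pickle.loads(base64.b64decode(value))
    except Exception:
        return json.loads(value)

def looks_like_pickle(value: str) -> bool:
    # Heuristic for logging/alerting only: base64 text whose bytes start
    # with the PROTO opcode (0x80, protocol 2+) and end with STOP (b".").
    try:
        raw = base64.b64decode(value, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    return len(raw) >= 2 and raw[0] == 0x80 and raw.endswith(b".")

def safe_loads(value: str):
    # JSON only: pickle is never invoked, whatever the input looks like.
    if looks_like_pickle(value):
        raise UntrustedFormatError("pickle-shaped payload rejected")
    try:
        return json.loads(value)
    except json.JSONDecodeError as exc:
        raise UntrustedFormatError("not valid JSON") from exc

def is_rejected(value: str) -> bool:
    try:
        safe_loads(value)
    except UntrustedFormatError:
        return True
    return False

# Constructed samples. JSON cannot produce a set, so getting one back from
# insecure_loads() proves the pickle branch handled the input.
CONSTRUCTED_BLOB = base64.b64encode(pickle.dumps({1, 2})).decode()
CONSTRUCTED_JSON = '{"step": 1}'
```

The `looks_like_pickle` check does not catch protocol 0 or 1 pickles; the protection comes from `safe_loads` never calling pickle, and the heuristic only gives a clearer signal for alerting.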

Exploit

RCE

Weakness Enumeration

Related Identifiers

BDU:2025-09016
CVE-2025-3108
GHSA-M84C-4C34-28GF

Affected Products

Llama Index