CVE-2025-1752 — HIGH (CVSS 7.5) AI Security Vulnerability

A Denial of Service (DoS) vulnerability has been identified in the KnowledgeBaseWebReader class of the run-llama/llama_index project, affecting version ~ latest(v0.12.15). The vulnerability arises...

Full analysis pending. Showing NVD description excerpt.

Affected Systems

Package	Ecosystem	Vulnerable Range	Patched
llama-index	pip	>= 0.12.15, < 0.12.21	`0.12.21`

Do you use llama-index? You're affected.

Severity & Risk

CVSS 3.1

7.5 / 10

EPSS

0.2%

chance of exploitation in 30 days

KEV Status

Not in KEV

Sophistication

N/A

Recommended Action

Patch available

Update llama-index to version 0.12.21

Compliance Impact

Compliance analysis pending. Sign in for full compliance mapping when available.

Technical Details

NVD Description

A Denial of Service (DoS) vulnerability has been identified in the KnowledgeBaseWebReader class of the run-llama/llama_index project, affecting version ~ latest(v0.12.15). The vulnerability arises due to inappropriate secure coding measures, specifically the lack of proper implementation of the max_depth parameter in the get_article_urls function. This allows an attacker to exhaust Python's recursion limit through repeated function calls, leading to resource consumption and ultimately crashing the Python process.

Weaknesses (CWE)

CWE-400 Uncontrolled Resource Consumption Primary CWE-674 Uncontrolled Recursion Primary

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

Timeline

Published

May 10, 2025

Last Modified

October 15, 2025

First Seen

March 24, 2026