CVE-2025-1793

NONE EPSS 43.4%
Published Jun 5, 2025 (1y ago) · Modified Jun 17, 2026 (1w ago)

Description

Multiple vector store integrations in run-llama/llama_index version v0.12.21 have SQL injection vulnerabilities. These vulnerabilities allow an attacker to read and write data using SQL, potentially leading to unauthorized access to data of other users depending on the usage of the llama-index library in a web application.

Threat Intelligence

EPSS Exploit Probability
43.4% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses 1

CWE-89: SQL Injection

Affected Products 1

Vendor      Product     Version  Range
llamaindex  llamaindex  *        ≥0.12.21 – <0.12.28

References 2

  • github.com https://github.com/run-llama/llama_index/commit/0008041e8dde8e519621388e5d6f558bde6ef42e
    Patch
  • huntr.com https://huntr.com/bounties/8cb1555a-9655-4122-b0d6-60059e79183c
    Exploit, Third Party Advisory

Remediation

  • github.com https://github.com/run-llama/llama_index/commit/0008041e8dde8e519621388e5d6f558bde6ef42e
    Patch