CVE-2025-1793

Source
https://cve.org/CVERecord?id=CVE-2025-1793
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-1793.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-1793
Aliases
Related
Published
2025-06-05T05:15:23.690Z
Modified
2026-03-14T12:41:59.901517Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

Multiple vector store integrations in run-llama/llama_index version v0.12.21 have SQL injection vulnerabilities. These vulnerabilities allow an attacker to read and write data using SQL, potentially leading to unauthorized access to data of other users depending on the usage of the llama-index library in a web application.

References

Affected packages

Git / github.com/run-llama/llama_index

Affected ranges

Type
GIT
Repo
https://github.com/run-llama/llama_index
Events
Database specific
{
    "versions": [
        {
            "introduced": "0.12.21"
        },
        {
            "fixed": "0.12.28"
        }
    ]
}

Affected versions

v0.*
v0.12.21
v0.12.22
v0.12.22.post1
v0.12.23
v0.12.24
v0.12.24.post1
v0.12.24.post2
v0.12.25
v0.12.26
v0.12.27

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-1793.json"