PYSEC-2025-249

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/llama-index/PYSEC-2025-249.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2025-249
Aliases
Published
2025-07-06T23:15:21.777Z
Modified
2026-07-13T07:26:35.963511267Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

A critical deserialization vulnerability exists in the run-llama/llama_index library's JsonPickleSerializer component, affecting versions v0.12.27 through v0.12.40. This vulnerability allows remote code execution due to an insecure fallback to Python's pickle module. JsonPickleSerializer prioritizes deserialization using pickle.loads(), which can execute arbitrary code when processing untrusted data. Attackers can exploit this by crafting malicious payloads to achieve full system compromise. The root cause includes an insecure fallback mechanism, lack of validation or safeguards, misleading design, and violation of Python security guidelines.

References

Affected packages

PyPI / llama-index

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0.12.27
Fixed
0.12.41

Affected versions

0.*
0.12.27
0.12.28
0.12.29
0.12.30
0.12.31
0.12.32
0.12.33
0.12.34
0.12.35
0.12.36
0.12.37
0.12.38
0.12.39
0.12.40

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/llama-index/PYSEC-2025-249.yaml"