- Description
- Multiple vector store integrations in run-llama/llama_index version v0.12.21 have SQL injection vulnerabilities. These vulnerabilities allow an attacker to read and write data using SQL, potentially leading to unauthorized access to other users' data, depending on how the llama-index library is used in a web application.
- Source
- security@huntr.dev
- NVD status
- Awaiting Analysis
CVSS 3.0
- Type
- Secondary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- security@huntr.dev
- CWE-89
- Hype score
- Not currently trending
https://t.co/Nwcz2QE8sR Critical SQL Injection Vulnerability in LlamaIndex (CVE-2025-1793) – Advisory and Analysis
@BentleyAudrey
11 Jun 2025
🚨#CVE-2025-1793: Multiple vector store integrations in #AI library llama_index, versions prior to 0.12.28 are vulnerable to SQL injection. Attackers can read and write data from/to any of the affected vector stores by using SQL, potentially leading to unauthorized access to th
@CheckmarxZero
5 Jun 2025