CVE-2025-5302
HIGHDescription
A denial of service vulnerability exists in the JSONReader component of the run-llama/llama_index repository, specifically in version v0.12.37. The vulnerability is caused by uncontrolled recursion when parsing deeply nested JSON files, which can lead to Python hitting its maximum recursion depth limit. This results in high resource consumption and potential crashes of the Python process. The issue is resolved in version 0.12.38.
Is your site exposed to CVE-2025-5302?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
References
Frequently Asked Questions
What is CVE-2025-5302? +
How severe is CVE-2025-5302? +
How do I check if I'm vulnerable to CVE-2025-5302? +
Related Vulnerabilities
Fixed a VM panic caused by unbounded recursion in the grpcfuse kernel module when a container created deeply nested directories …
When the module renders a Svg file that contains a <pattern> element, it might end up rendering it recursively leading …
In Xpdf 4.05 (and earlier), a PDF object loop in a CMap, via the "UseCMap" entry, leads to infinite recursion …
Kanidm is an identity management platform. Prior to version 1.9.3, a single unauthenticated GET to any /scim/v1/... endpoint with a …
eml_parser serves as a python module for parsing eml files and returning various information found in the e-mail as well …
xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) `DOMParser` and `XMLSerializer` module. In @xmldom/xmldom prior to …