Description

An XML Entity Expansion vulnerability, also known as a 'billion laughs' attack, exists in the sitemap parser of the run-llama/llama_index repository, specifically affecting version v0.12.21. This vulnerability allows an attacker to supply a malicious Sitemap XML, leading to a Denial of Service (DoS) by exhausting system memory and potentially causing a system crash. The issue is resolved in version v0.12.29.

INFO

Published Date :

2025-07-07T09:54:06.033Z

Last Modified :

2025-07-07T14:59:26.842Z

Source :

@huntr_ai
AFFECTED PRODUCTS

The following products are affected by CVE-2025-3225 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-3225.

URL Resource
https://github.com/run-llama/llama_index/commit/4f6ee062b19212106a2632af9c9521fc7f0a3584 cve-icon cve-icon
https://huntr.com/bounties/e33c0699-e9a2-49aa-837b-5363205637a2 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact