CRITICAL🇵🇱 Wersja polska

CVE-2025-1750

CVSS 9.8v3.0pub. 2025-06-02upd. 2025-07-31

An SQL injection vulnerability exists in the delete function of DuckDBVectorStore in run-llama/llama_index version v0.12.19. This vulnerability allows an attacker to manipulate the ref_doc_id parameter, enabling them to read and write arbitrary files on the server, potentially leading to remote code execution (RCE).

🤖 AI Analysis
How it works

An attacker can manipulate the ref_doc_id parameter passed to the delete function in the DuckDBVectorStore class, which is not properly validated or escaped before being used in an SQL query. By crafting a malicious parameter value, it is possible to inject arbitrary SQL instructions. This in turn enables operations on the server file system, such as reading and writing arbitrary files, which can lead to complete system takeover through RCE.

Impact

An attacker can read and modify any files on the server, and in an extreme scenario obtain remote code execution (RCE), which means complete takeover of the system hosting the application.

Mitigation & patch

Patches available from the vendor should be applied according to references — fix available in the GitHub repository (commit 369a2942df2efcf6b74461c45d20a0af1fbe4ae2). It is recommended to update the LlamaIndex library to the version containing the indicated patch as soon as possible.

Who is affected

LlamaIndex (run-llama/llama_index) version v0.12.19 — affects applications using the DuckDBVectorStore component.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Llamaindex

    APP
    Llamaindex
    0.12.19 – 0.12.21 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCESQLi
CWE
References

Related vulnerabilities

CVE-2025-1793CRITICAL9.8PL ✓ten sam produkt

SQL injection w LlamaIndex — nieautoryzowany dostęp do danych przez integracje vector store

CVE-2024-12909CRITICAL9.8PL ✓ten sam produkt

SQL Injection i RCE w FinanceChatLlamaPack biblioteki LlamaIndex

CVE-2024-11958CRITICAL9.8PL ✓ten sam produkt

SQL Injection umożliwiający RCE w komponencie duckdb_retriever biblioteki LlamaIndex

CVE-2024-3271CRITICAL9.8PL ✓ten sam produkt

Command injection w LlamaIndex — obejście safe_eval umożliwia RCE

CVE-2024-23751CRITICAL9.8PL ✓ten sam produkt

SQL injection w LlamaIndex przez funkcję Text-to-SQL