CVE-2025-1793 · CRITICAL 9.8 · EPSS p43.2%

Description

Multiple vector store integrations in run-llama/llama_index version v0.12.21 have SQL injection vulnerabilities. These vulnerabilities allow an attacker to read and write data using SQL, potentially leading to unauthorized access to data of other users depending on the usage of the llama-index library in a web application.

Scoring

CVSS 3.0: 9.8 (CRITICAL)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.58% probability of exploitation · percentile 43.2% · 2026-06-19T12:03:05Z
Published: 2025-06-05
Last modified: 2025-07-30

Underlying weaknesses · 1

CWE-89

References

  1. https://github.com/run-llama/llama_index/commit/0008041e8dde8e519621388e5d6f558bde6ef42e
  2. https://huntr.com/bounties/8cb1555a-9655-4122-b0d6-60059e79183c

Type | Target | Confidence | Tier
Weakness | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') cwe-89 | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE-2025-1750
CVE-2025-5302
CVE-2025-63389
CVE-2026-40978
CVE-2025-45146
CVE-2025-52566

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.