CVE-2025-3225

An XML Entity Expansion vulnerability, also known as a 'billion laughs' attack, exists in the sitemap parser of the run-llama/llama_index repository, specifically affecting version v0.12.21. This vulnerability allows an attacker to supply a malicious Sitemap XML, leading to a Denial of Service (DoS) by exhausting system memory and potentially causing a system crash. The issue is resolved in version v0.12.29.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/run-llama/llama_index/commit/4f6ee062b19212106a2632af9c9521fc7f0a3584	Patch
https://huntr.com/bounties/e33c0699-e9a2-49aa-837b-5363205637a2	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:llamaindex:llamaindex:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2025-07-07 10:15

Updated : 2025-07-30 21:24

NVD link : CVE-2025-3225

Mitre link : CVE-2025-3225

CVE.ORG link : CVE-2025-3225

JSON object : View

Products Affected

llamaindex

llamaindex

CWE

CWE-776

Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

{"id": "CVE-2025-3225", "cveTags": [], "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2025-07-07T10:15:27.047", "references": [{"url": "https://github.com/run-llama/llama_index/commit/4f6ee062b19212106a2632af9c9521fc7f0a3584", "tags": ["Patch"], "source": "[email protected]"}, {"url": "https://huntr.com/bounties/e33c0699-e9a2-49aa-837b-5363205637a2", "tags": ["Exploit", "Third Party Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-776"}]}], "descriptions": [{"lang": "en", "value": "An XML Entity Expansion vulnerability, also known as a 'billion laughs' attack, exists in the sitemap parser of the run-llama/llama_index repository, specifically affecting version v0.12.21. This vulnerability allows an attacker to supply a malicious Sitemap XML, leading to a Denial of Service (DoS) by exhausting system memory and potentially causing a system crash. The issue is resolved in version v0.12.29."}, {"lang": "es", "value": "Existe una vulnerabilidad de expansi\u00f3n de entidades XML, tambi\u00e9n conocida como ataque de \"billion laughs\", en el analizador de mapas de sitio del repositorio run-llama/llama_index, que afecta espec\u00edficamente a la versi\u00f3n v0.12.21. Esta vulnerabilidad permite a un atacante proporcionar un XML de mapa de sitio malicioso, lo que provoca una denegaci\u00f3n de servicio (DoS) al agotar la memoria del sistema y, potencialmente, provocar un bloqueo del mismo. El problema se ha resuelto en la versi\u00f3n v0.12.29."}], "lastModified": "2025-07-30T21:24:40.497", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:llamaindex:llamaindex:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FDF50856-9402-423D-B587-CD003F2C2A37", "versionEndExcluding": "0.12.29", "versionStartIncluding": "0.12.21"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}