1. Home
  2. CVE Database
  3. CVE-2025-5302
HIGH · 8.6

CVE-2025-5302

A denial of service vulnerability exists in the JSONReader component of the run-llama/llama_index repository, specifically in version v0.12.37. The vulnerability is caused by uncontrolled recursion wh...

Vulnerability Description

A denial of service vulnerability exists in the JSONReader component of the run-llama/llama_index repository, specifically in version v0.12.37. The vulnerability is caused by uncontrolled recursion when parsing deeply nested JSON files, which can lead to Python hitting its maximum recursion depth limit. This results in high resource consumption and potential crashes of the Python process. The issue is resolved in version 0.12.38.

CVSS Score

8.6

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
LOW
Availability
HIGH

Related Weaknesses (CWE)

CWE-674

References

FAQ

What is CVE-2025-5302?

CVE-2025-5302 is a vulnerability with a CVSS score of 8.6 (HIGH). A denial of service vulnerability exists in the JSONReader component of the run-llama/llama_index repository, specifically in version v0.12.37. The vulnerability is caused by uncontrolled recursion wh...

How severe is CVE-2025-5302?

CVE-2025-5302 has been rated HIGH with a CVSS base score of 8.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-5302?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.