{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-3225", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "state": "PUBLISHED", "assignerShortName": "@huntr_ai", "dateReserved": "2025-04-03T15:03:26.975Z", "datePublished": "2025-07-07T09:54:06.033Z", "dateUpdated": "2025-07-07T14:59:26.842Z"}, "containers": {"cna": {"title": "XML Entity Expansion vulnerability in run-llama/llama_index", "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2025-07-07T09:56:23.672Z"}, "descriptions": [{"lang": "en", "value": "An XML Entity Expansion vulnerability, also known as a 'billion laughs' attack, exists in the sitemap parser of the run-llama/llama_index repository, specifically affecting version v0.12.21. This vulnerability allows an attacker to supply a malicious Sitemap XML, leading to a Denial of Service (DoS) by exhausting system memory and potentially causing a system crash. The issue is resolved in version v0.12.29."}], "affected": [{"vendor": "run-llama", "product": "run-llama/llama_index", "versions": [{"version": "unspecified", "lessThan": "v0.12.29", "status": "affected", "versionType": "custom"}]}], "references": [{"url": "https://huntr.com/bounties/e33c0699-e9a2-49aa-837b-5363205637a2"}, {"url": "https://github.com/run-llama/llama_index/commit/4f6ee062b19212106a2632af9c9521fc7f0a3584"}], "metrics": [{"cvssV3_0": {"version": "3.0", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 7.5, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-776 Improper Restriction of Recursive Entity References in DTDs", "cweId": "CWE-776"}]}], "source": {"advisory": "e33c0699-e9a2-49aa-837b-5363205637a2", "discovery": "EXTERNAL"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-07-07T14:54:59.585565Z", "id": "CVE-2025-3225", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-07T14:59:26.842Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-3225", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-07-07T14:54:59.585565Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-07T14:58:08.545Z"}}], "cna": {"title": "XML Entity Expansion vulnerability in run-llama/llama_index", "source": {"advisory": "e33c0699-e9a2-49aa-837b-5363205637a2", "discovery": "EXTERNAL"}, "metrics": [{"cvssV3_0": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "run-llama", "product": "run-llama/llama_index", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "v0.12.29", "versionType": "custom"}]}], "references": [{"url": "https://huntr.com/bounties/e33c0699-e9a2-49aa-837b-5363205637a2"}, {"url": "https://github.com/run-llama/llama_index/commit/4f6ee062b19212106a2632af9c9521fc7f0a3584"}], "descriptions": [{"lang": "en", "value": "An XML Entity Expansion vulnerability, also known as a 'billion laughs' attack, exists in the sitemap parser of the run-llama/llama_index repository, specifically affecting version v0.12.21. This vulnerability allows an attacker to supply a malicious Sitemap XML, leading to a Denial of Service (DoS) by exhausting system memory and potentially causing a system crash. The issue is resolved in version v0.12.29."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-776", "description": "CWE-776 Improper Restriction of Recursive Entity References in DTDs"}]}], "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2025-07-07T09:56:23.672Z"}}}, "cveMetadata": {"cveId": "CVE-2025-3225", "state": "PUBLISHED", "dateUpdated": "2025-07-07T14:59:26.842Z", "dateReserved": "2025-04-03T15:03:26.975Z", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "datePublished": "2025-07-07T09:54:06.033Z", "assignerShortName": "@huntr_ai"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:llamaindex:llamaindex:*:*:*:*:*:*:*:*", "matchCriteriaId": "FDF50856-9402-423D-B587-CD003F2C2A37", "versionEndExcluding": "0.12.29", "versionStartIncluding": "0.12.21", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An XML Entity Expansion vulnerability, also known as a 'billion laughs' attack, exists in the sitemap parser of the run-llama/llama_index repository, specifically affecting version v0.12.21. This vulnerability allows an attacker to supply a malicious Sitemap XML, leading to a Denial of Service (DoS) by exhausting system memory and potentially causing a system crash. The issue is resolved in version v0.12.29."}, {"lang": "es", "value": "Existe una vulnerabilidad de expansi\u00f3n de entidades XML, tambi\u00e9n conocida como ataque de \"billion laughs\", en el analizador de mapas de sitio del repositorio run-llama/llama_index, que afecta espec\u00edficamente a la versi\u00f3n v0.12.21. Esta vulnerabilidad permite a un atacante proporcionar un XML de mapa de sitio malicioso, lo que provoca una denegaci\u00f3n de servicio (DoS) al agotar la memoria del sistema y, potencialmente, provocar un bloqueo del mismo. El problema se ha resuelto en la versi\u00f3n v0.12.29."}], "id": "CVE-2025-3225", "lastModified": "2025-07-30T21:24:40.497", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security@huntr.dev", "type": "Secondary"}]}, "published": "2025-07-07T10:15:27.047", "references": [{"source": "security@huntr.dev", "tags": ["Patch"], "url": "https://github.com/run-llama/llama_index/commit/4f6ee062b19212106a2632af9c9521fc7f0a3584"}, {"source": "security@huntr.dev", "tags": ["Exploit", "Third Party Advisory"], "url": "https://huntr.com/bounties/e33c0699-e9a2-49aa-837b-5363205637a2"}], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-776"}], "source": "security@huntr.dev", "type": "Primary"}]}

{"bugzilla": {"description": "llama-index: XML Entity Expansion in llama_index", "id": "2376764", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2376764"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "status": "draft"}, "cwe": "CWE-776", "details": ["An XML Entity Expansion vulnerability, also known as a 'billion laughs' attack, exists in the sitemap parser of the run-llama/llama_index repository, specifically affecting version v0.12.21. This vulnerability allows an attacker to supply a malicious Sitemap XML, leading to a Denial of Service (DoS) by exhausting system memory and potentially causing a system crash. The issue is resolved in version v0.12.29."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2025-3225", "package_state": [{"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Fix deferred", "package_name": "ansible-automation-platform-24/de-minimal-rhel8", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Fix deferred", "package_name": "ansible-automation-platform-24/de-minimal-rhel9", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Fix deferred", "package_name": "ansible-automation-platform-25/de-minimal-rhel8", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Fix deferred", "package_name": "ansible-automation-platform-25/de-minimal-rhel9", "product_name": "Red Hat Ansible Automation Platform 2"}], "public_date": "2025-07-07T09:54:06Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-3225\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-3225\nhttps://github.com/run-llama/llama_index/commit/4f6ee062b19212106a2632af9c9521fc7f0a3584\nhttps://huntr.com/bounties/e33c0699-e9a2-49aa-837b-5363205637a2"], "threat_severity": "Moderate"}