CVE-2025-1793
llama_index vulnerable to SQL Injection
9.8
CRITICAL
CVSS 3.1
EPSS 0.06%
Description
Multiple vector store integrations in run-llama/llama_index version v0.12.21 have SQL injection vulnerabilities. These vulnerabilities allow an attacker to read and write data using SQL, potentially leading to unauthorized access to data of other users depending on the usage of the llama-index library in a web application.
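The class of bug described above is a metadata filter whose key and value are interpolated into the SQL that a vector store issues to its backing database. The following is an added illustration, not llama_index's own code: a constructed SQLite-backed "chunk store" with a `MetadataFilter` type, the vulnerable string-building pattern beside a hardened version, and constructed attacker payloads that show a cross-tenant read (`OR '1'='1'`) and a read of an unrelated table (`UNION SELECT`). Table and column names, the `ALLOWED_FILTER_KEYS` allowlist, and the sample rows are all assumptions made for the example.

```python
import sqlite3
from dataclasses import dataclass

# Constructed sample data: chunks owned by two tenants plus an unrelated
# credentials table that the vector store should never expose.
CHUNK_ROWS = [
    (1, "alice", "alice private notes"),
    (2, "alice", "alice roadmap"),
    (3, "bob", "bob payroll"),
]
USER_ROWS = [(1, "svc", "sk-constructed-secret")]

# Hypothetical allowlist of metadata columns a caller may filter on.
# Identifiers cannot be bound as parameters, so they must be validated.
ALLOWED_FILTER_KEYS = {"owner", "id"}


@dataclass
class MetadataFilter:
    key: str
    value: str


def make_db() -> sqlite3.Connection:
    """Build an in-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE chunks (id INTEGER PRIMARY KEY, owner TEXT, text TEXT)")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, api_key TEXT)")
    conn.executemany("INSERT INTO chunks VALUES (?, ?, ?)", CHUNK_ROWS)
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", USER_ROWS)
    conn.commit()
    return conn


def query_vulnerable(conn: sqlite3.Connection, filters: list[MetadataFilter]) -> list[tuple]:
    """Vulnerable pattern: filter keys and values are pasted into the SQL text."""
    where = " AND ".join(f"{f.key} = '{f.value}'" for f in filters)
    sql = f"SELECT id, owner, text FROM chunks WHERE {where}"
    return conn.execute(sql).fetchall()


def query_safe(conn: sqlite3.Connection, filters: list[MetadataFilter]) -> list[tuple]:
    """Hardened: keys checked against an allowlist, values passed as bound parameters."""
    for f in filters:
        if f.key not in ALLOWED_FILTER_KEYS:
            raise ValueError(f"unsupported filter key: {f.key!r}")
    where = " AND ".join(f"{f.key} = ?" for f in filters)
    sql = f"SELECT id, owner, text FROM chunks WHERE {where}"
    # The value is bound by the driver, so quotes inside it are data, not syntax.
    return conn.execute(sql, [f.value for f in filters]).fetchall()


def demo() -> dict:
    """Run the constructed payloads through both code paths and summarise."""
    conn = make_db()
    legit = [MetadataFilter("owner", "alice")]
    # Constructed attacker payload 1: break out of the quoted value to read every tenant's rows.
    tautology = [MetadataFilter("owner", "bob' OR '1'='1")]
    # Constructed attacker payload 2: read a different table via UNION; the trailing
    # "--" comments out the closing quote the template appends.
    union = [MetadataFilter("owner", "x' UNION SELECT id, name, api_key FROM users --")]
    return {
        "legit_vulnerable": len(query_vulnerable(conn, legit)),
        "legit_safe": len(query_safe(conn, legit)),
        "tautology_vulnerable": len(query_vulnerable(conn, tautology)),
        "tautology_safe": len(query_safe(conn, tautology)),
        "union_vulnerable": [r[2] for r in query_vulnerable(conn, union)],
        "union_safe": len(query_safe(conn, union)),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

With the tautology payload, the vulnerable path returns all three chunks regardless of owner, and the UNION payload returns the constructed API key from the unrelated `users` table; the parameterized path returns no rows for either because the whole string is compared as a literal owner value. Note that the allowlist on the filter key is not optional: a key such as `owner = 'x' OR 1=1 --` would otherwise reach the query text unchanged even when values are bound.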
How to fix CVE-2025-1793
To remediate CVE-2025-1793, upgrade the affected package to a fixed version:
- upgrade llama_index to 0.12.28 or later
Is CVE-2025-1793 being exploited?
Low — EPSS is 0.06%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- llama_index: all versions from 0 up to, but not including, 0.12.28
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL 9.8 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |