{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-24T22:50:45.303","vulnerabilities":[{"cve":{"id":"CVE-2025-3225","sourceIdentifier":"security@huntr.dev","published":"2025-07-07T10:15:27.047","lastModified":"2025-07-30T21:24:40.497","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"An XML Entity Expansion vulnerability, also known as a 'billion laughs' attack, exists in the sitemap parser of the run-llama/llama_index repository, specifically affecting version v0.12.21. This vulnerability allows an attacker to supply a malicious Sitemap XML, leading to a Denial of Service (DoS) by exhausting system memory and potentially causing a system crash. The issue is resolved in version v0.12.29."},{"lang":"es","value":"Existe una vulnerabilidad de expansión de entidades XML, también conocida como ataque de \"billion laughs\", en el analizador de mapas de sitio del repositorio run-llama/llama_index, que afecta específicamente a la versión v0.12.21. Esta vulnerabilidad permite a un atacante proporcionar un XML de mapa de sitio malicioso, lo que provoca una denegación de servicio (DoS) al agotar la memoria del sistema y, potencialmente, provocar un bloqueo del mismo. El problema se ha resuelto en la versión v0.12.29."}],"metrics":{"cvssMetricV30":[{"source":"security@huntr.dev","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security@huntr.dev","type":"Secondary","description":[{"lang":"en","value":"CWE-776"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:llamaindex:llamaindex:*:*:*:*:*:*:*:*","versionStartIncluding":"0.12.21","versionEndExcluding":"0.12.29","matchCriteriaId":"FDF50856-9402-423D-B587-CD003F2C2A37"}]}]}],"references":[{"url":"https://github.com/run-llama/llama_index/commit/4f6ee062b19212106a2632af9c9521fc7f0a3584","source":"security@huntr.dev","tags":["Patch"]},{"url":"https://huntr.com/bounties/e33c0699-e9a2-49aa-837b-5363205637a2","source":"security@huntr.dev","tags":["Exploit","Third Party Advisory"]}]}}]}