{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T16:14:00.553","vulnerabilities":[{"cve":{"id":"CVE-2025-5472","sourceIdentifier":"security@huntr.dev","published":"2025-07-07T10:15:28.873","lastModified":"2025-07-30T20:03:35.977","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"The JSONReader in run-llama/llama_index versions 0.12.28 is vulnerable to a stack overflow due to uncontrolled recursive JSON parsing. This vulnerability allows attackers to trigger a Denial of Service (DoS) by submitting deeply nested JSON structures, leading to a RecursionError and crashing applications. The root cause is the unsafe recursive traversal design and lack of depth validation, which makes the JSONReader susceptible to stack overflow when processing deeply nested JSON. This impacts the availability of services, making them unreliable and disrupting workflows. The issue is resolved in version 0.12.38."},{"lang":"es","value":"JSONReader en run-llama/llama_index, versión 0.12.28, es vulnerable a un desbordamiento de pila debido al análisis recursivo incontrolado de JSON. Esta vulnerabilidad permite a los atacantes activar una denegación de servicio (DoS) al enviar estructuras JSON profundamente anidadas, lo que genera un error de recursión (RecursionError) y bloquea las aplicaciones. La causa principal es el diseño inseguro del recorrido recursivo y la falta de validación de profundidad, lo que hace que el JSONReader sea susceptible a un desbordamiento de pila al procesar JSON profundamente anidado. Esto afecta la disponibilidad de los servicios, haciéndolos poco fiables e interrumpiendo los flujos de trabajo. El problema se ha resuelto en la versión 0.12.38."}],"metrics":{"cvssMetricV30":[{"source":"security@huntr.dev","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"security@huntr.dev","type":"Secondary","description":[{"lang":"en","value":"CWE-674"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:llamaindex:llamaindex:*:*:*:*:*:*:*:*","versionStartIncluding":"0.12.28","versionEndExcluding":"0.12.38","matchCriteriaId":"D42BE992-85B3-42C1-B469-BB1F24850DA4"}]}]}],"references":[{"url":"https://github.com/run-llama/llama_index/commit/c032843a02ce38fd8f284b2aa5a37fd1c17ae635","source":"security@huntr.dev","tags":["Patch"]},{"url":"https://huntr.com/bounties/df187bda-7911-4823-a19a-e15b2c66b0d4","source":"security@huntr.dev","tags":["Exploit","Third Party Advisory"]}]}}]}