CVE-2025-1750
An SQL injection vulnerability exists in the delete function of DuckDBVectorStore in run-llama/llama_index version v0.12.19. This vulnerability allows an attacker to manipulate the ref_doc_id parameter, enabling them to read and write arbitrary files on the server, potentially leading to remote code execution (RCE).
Assigner: security@huntr.dev
More information: https://github.com/run-llama/llama_index/commit/369a2942df2efcf6b74461c45d20a0af1fbe4ae2
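
The bug class described above, shown as an added example that is not llama_index code: a delete-by-ref_doc_id routine built by string formatting next to the same routine using a bound parameter. The table layout, function names and sample rows are assumptions, and Python's built-in sqlite3 stands in for DuckDB so the block runs offline.

```python
import sqlite3

# Constructed sample data: three chunks belonging to two source documents.
SAMPLE_ROWS = [
    ("n1", "doc-a", "chunk 1 of doc-a"),
    ("n2", "doc-a", "chunk 2 of doc-a"),
    ("n3", "doc-b", "chunk 1 of doc-b"),
]

# Constructed input: a ref_doc_id whose quote ends the SQL string literal early.
CRAFTED_ID = "x' OR '1'='1"


def make_store():
    """Hypothetical vector-store table, in memory."""
    con = sqlite3.connect(":memory:")
    con.execute(
        "CREATE TABLE documents (node_id TEXT PRIMARY KEY, ref_doc_id TEXT, text TEXT)"
    )
    con.executemany("INSERT INTO documents VALUES (?, ?, ?)", SAMPLE_ROWS)
    return con


def delete_unsafe(con, ref_doc_id):
    # Vulnerable pattern: the caller's value becomes part of the SQL text,
    # so it can change the WHERE clause instead of only being compared.
    con.execute(f"DELETE FROM documents WHERE ref_doc_id = '{ref_doc_id}'")


def delete_safe(con, ref_doc_id):
    # Hardened pattern: the statement text is constant and the value is bound
    # as a parameter, so it is only ever compared as a string.
    if not isinstance(ref_doc_id, str):
        raise TypeError("ref_doc_id must be a string")
    con.execute("DELETE FROM documents WHERE ref_doc_id = ?", (ref_doc_id,))


def rows_left_after(delete_fn, ref_doc_id):
    """Run delete_fn on a fresh store and return how many rows survive."""
    con = make_store()
    delete_fn(con, ref_doc_id)
    return con.execute("SELECT COUNT(*) FROM documents").fetchone()[0]


if __name__ == "__main__":
    for fn in (delete_unsafe, delete_safe):
        print(fn.__name__, rows_left_after(fn, "doc-a"), rows_left_after(fn, CRAFTED_ID))
```

A regression test for a fix of this kind can assert exactly this: a ref_doc_id containing a quote must leave unrelated rows untouched.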