High severity · NVD Advisory · Published May 10, 2025 · Updated Oct 15, 2025

Denial of Service in run-llama/llama_index

CVE-2025-1752

Description

A Denial of Service (DoS) vulnerability has been identified in the KnowledgeBaseWebReader class of the run-llama/llama_index project, affecting version ~ latest(v0.12.15). The vulnerability arises due to inappropriate secure coding measures, specifically the lack of proper implementation of the max_depth parameter in the get_article_urls function. This allows an attacker to exhaust Python's recursion limit through repeated function calls, leading to resource consumption and ultimately crashing the Python process.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

CVE-2025-1752 is a DoS vulnerability in llama_index's KnowledgeBaseWebReader, where missing max_depth enforcement allows recursion-limit exhaustion and process crash.

Vulnerability

Description

CVE-2025-1752 affects the KnowledgeBaseWebReader class in the run-llama/llama_index project (version ~v0.12.15). The vulnerability stems from a coding oversight in the get_article_urls function, which performs recursive crawling of knowledge base URLs. Although the function accepts a max_depth parameter intended to limit recursion, the code did not actually check or enforce this limit before making recursive calls. As a result, an attacker can supply or trigger a path that causes unbounded recursion, quickly exhausting Python's recursion limit [1][3].

Exploitation and Attack Surface

An attacker can exploit this vulnerability by providing a malicious knowledge base URL or set of links that triggers deep recursion in the get_article_urls function. The attack does not require authentication if the application exposes the KnowledgeBaseWebReader to external input. By sending a request that leads to repeated self-calls, the attacker causes the Python process to consume excessive stack depth and memory, ultimately crashing the application [1]. The fix in commit 3c65db2 adds a depth parameter and a check if depth >= max_depth to properly stop recursion when the limit is reached [3].

Impact

Successful exploitation results in a Denial of Service (DoS) condition. The recursive call chain causes the Python interpreter to hit its recursion limit (typically 1000), raising a RecursionError and crashing the process. This makes the affected service unavailable until manually restarted. The impact is limited to availability; there is no evidence of data corruption or privilege escalation from this specific bug [1][4].
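To make the bug and the fix concrete, here is an added illustration that is not code from llama_index or from the fix commit: the crawler is reduced to a recursive walk over a small constructed in-memory link graph (the `SAMPLE_SITE` dict, the `is_article` rule and all function names are assumptions for the example). `crawl_unbounded` has the pre-fix shape, accepting `max_depth` but never consulting it, so a pair of pages that link to each other drives it into `RecursionError`. `crawl_bounded` applies the same `depth >= max_depth` guard as the upstream patch and, going one step beyond it, also threads a `visited` set so that link cycles are pruned rather than merely truncated at the depth limit.

```python
"""
Added illustration (not llama_index's own code): a minimal stand-in for a
recursive knowledge-base crawler, first without and then with the depth
guard that the fix for CVE-2025-1752 introduces.
"""
from typing import Dict, List, Optional, Set

# Constructed in-memory "knowledge base": page path -> hrefs found on it.
# "/a" and "/b" link to each other, so a crawl with no depth bound and no
# visited set never terminates on its own.
SAMPLE_SITE: Dict[str, List[str]] = {
    "/": ["/a", "/article-1"],
    "/a": ["/b", "/article-2"],
    "/b": ["/a"],
    "/article-1": [],
    "/article-2": [],
}


def is_article(url: str) -> bool:
    # Hypothetical stand-in for the reader's article detection.
    return "/article-" in url


def crawl_unbounded(site: Dict[str, List[str]], current_url: str,
                    max_depth: int = 100) -> List[str]:
    """Pre-fix shape: max_depth is accepted but never checked."""
    found = [current_url] if is_article(current_url) else []
    for href in site.get(current_url, []):
        # Recurses without any depth or visited tracking.
        found.extend(crawl_unbounded(site, href, max_depth))
    return found


def crawl_bounded(site: Dict[str, List[str]], current_url: str,
                  max_depth: int = 100, depth: int = 0,
                  visited: Optional[Set[str]] = None) -> List[str]:
    """Post-fix shape: stop when depth >= max_depth, plus a visited set."""
    if visited is None:
        visited = set()
    # The guard the upstream patch adds, placed before any work is done.
    if depth >= max_depth or current_url in visited:
        return []
    visited.add(current_url)
    found = [current_url] if is_article(current_url) else []
    for href in site.get(current_url, []):
        found.extend(crawl_bounded(site, href, max_depth, depth + 1, visited))
    return found


def unbounded_hits_recursion_limit(site: Dict[str, List[str]]) -> bool:
    """True if the pre-fix crawler exhausts the interpreter's recursion limit."""
    try:
        crawl_unbounded(site, "/")
    except RecursionError:
        return True
    return False


if __name__ == "__main__":
    print("unbounded crawl raised RecursionError:",
          unbounded_hits_recursion_limit(SAMPLE_SITE))
    print("bounded crawl found:", crawl_bounded(SAMPLE_SITE, "/"))
    print("bounded crawl, max_depth=2:",
          crawl_bounded(SAMPLE_SITE, "/", max_depth=2))
```

The depth bound alone stops the crash, but on a real site with many links per page it still allows up to (links per page)^max_depth page visits before the limit bites; the visited set is what keeps the total work proportional to the number of distinct pages, which is why the example carries both.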

Mitigation

The issue has been patched in the llama-index-readers-web package version 0.3.6, as shown in the linked commit [3]. Users should update to the patched version immediately. No workarounds are mentioned, but limiting input that can trigger recursive crawling would reduce exposure. The vulnerability was reported through the Huntr bug bounty platform and is not known to be exploited in the wild at the time of publication [4].

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package              Affected versions        Patched versions
llama-index (PyPI)   >= 0.12.15, < 0.12.21    0.12.21


Patches

3c65db294727

fix: respect max_depth in KnowledgeBaseWebReader (#17949)

https://github.com/run-llama/llama_index · Massimiliano Pippi · Feb 27, 2025 · via ghsa
2 files changed · +14 −3
  • llama-index-integrations/readers/llama-index-readers-web/llama_index/readers/web/knowledge_base/base.py · +13 −2 · modified
    @@ -127,7 +127,12 @@ def scrape_article(
             return {"title": title, "subtitle": subtitle, "body": body, "url": url}
     
         def get_article_urls(
    -        self, browser: Any, root_url: str, current_url: str, max_depth: int = 100
    +        self,
    +        browser: Any,
    +        root_url: str,
    +        current_url: str,
    +        max_depth: int = 100,
    +        depth: int = 0,
         ) -> List[str]:
             """
             Recursively crawl through the knowledge base to find a list of articles.
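Review bot: the new `depth: int = 0` keyword becomes part of the public signature of `get_article_urls`, so a caller can pass a negative `depth` and raise the effective limit above `max_depth`; consider treating it as an internal parameter (clamp with `depth = max(depth, 0)`, or name it `_depth`) and stating in the docstring that callers should leave it at its default.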
    @@ -136,11 +141,17 @@ def get_article_urls(
                 browser (Any): a Playwright Chromium browser.
                 root_url (str): root URL of the knowledge base.
                 current_url (str): current URL that is being crawled.
    +            max_depth (int): maximum recursion level for the crawler
    +            depth (int): current depth level
     
             Returns:
                 List[str]: a list of URLs of found articles.
     
             """
    +        if depth >= max_depth:
    +            print(f"Reached max depth ({max_depth}): {current_url}")
    +            return []
    +
             page = browser.new_page(ignore_https_errors=True)
             page.set_default_timeout(60000)
             page.goto(current_url, wait_until="domcontentloaded")
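Review bot: the guard reports hitting the limit with `print(f"Reached max depth ({max_depth}): {current_url}")`, which in library code goes to stdout and cannot be captured by the host application's logging; prefer the module logger (`logger.warning(...)`) so operators can see when a crawl is being cut off. The placement is right: the check runs before `browser.new_page(...)`, so no page is opened for a level that is immediately discarded.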
    @@ -162,7 +173,7 @@ def get_article_urls(
             for link in links:
                 url = root_url + page.evaluate("(node) => node.getAttribute('href')", link)
                 article_urls.extend(
    -                self.get_article_urls(browser, root_url, url, max_depth)
    +                self.get_article_urls(browser, root_url, url, max_depth, depth + 1)
                 )
     
             page.close()
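Review bot: passing `depth + 1` bounds the stack, but nothing records already-visited URLs, so two pages that link to each other are re-crawled at every level and the number of pages opened can grow as (links per page)^max_depth with the default of 100; suggest threading a `visited` set through the calls and skipping `url` when it has already been seen. Separately, `url = root_url + page.evaluate(...)` assumes every `href` is site-relative, so an absolute `href` yields a malformed URL (pre-existing, not introduced by this change).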
    
  • llama-index-integrations/readers/llama-index-readers-web/pyproject.toml · +1 −1 · modified
    @@ -46,7 +46,7 @@ license = "GPL-3.0-or-later"
     maintainers = ["HawkClaws", "Hironsan", "NA", "an-bluecat", "bborn", "jasonwcfan", "kravetsmic", "pandazki", "ruze00", "selamanse", "thejessezhang"]
     name = "llama-index-readers-web"
     readme = "README.md"
    -version = "0.3.5"
    +version = "0.3.6"
     
     [tool.poetry.dependencies]
     python = ">=3.9,<4.0"
    

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

