High severity 8.6 · NVD Advisory · Published Aug 25, 2025 · Updated Apr 15, 2026
CVE-2025-5302
Description
A denial of service vulnerability exists in the JSONReader component of the run-llama/llama_index repository, specifically in version v0.12.37. The vulnerability is caused by uncontrolled recursion when parsing deeply nested JSON files, which can lead to Python hitting its maximum recursion depth limit. This results in high resource consumption and potential crashes of the Python process. The issue is resolved in version 0.12.38.
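One way to bound the recursion described above, as an added example (not code from llama_index or its 0.12.38 fix): reject over-deep input by scanning the raw text before parsing, then traverse the parsed result with an explicit stack. `MAX_DEPTH`, `JSONTooDeep`, `nesting_depth`, `load_bounded` and `iter_leaves` are names assumed for this example.

```python
import json

MAX_DEPTH = 64  # assumed limit for this example; tune to your data

class JSONTooDeep(ValueError):
    """Raised when a document nests deeper than the allowed limit."""

def nesting_depth(text: str, limit: int = MAX_DEPTH) -> int:
    """Return the deepest [ / { nesting in raw JSON text, without recursion."""
    depth = deepest = 0
    in_string = escaped = False
    for ch in text:
        if in_string:  # brackets inside string literals do not nest
            if escaped:
                escaped = False
            elif ch == "\\":
                escaped = True
            elif ch == '"':
                in_string = False
        elif ch == '"':
            in_string = True
        elif ch in "[{":
            depth += 1
            deepest = max(deepest, depth)
            if depth > limit:  # stop early on hostile input
                raise JSONTooDeep(f"nesting depth exceeds {limit}")
        elif ch in "]}":
            depth -= 1
    return deepest

def load_bounded(text: str, limit: int = MAX_DEPTH):
    """Parse JSON only after the depth check passes."""
    nesting_depth(text, limit)
    return json.loads(text)

def iter_leaves(data):
    """Yield (path, scalar) pairs using an explicit stack instead of recursion."""
    stack = [((), data)]
    while stack:
        path, node = stack.pop()
        if isinstance(node, dict):
            stack.extend((path + (k,), v) for k, v in node.items())
        elif isinstance(node, list):
            stack.extend((path + (i,), v) for i, v in enumerate(node))
        else:
            yield path, node
```

The pre-parse scan matters because `json.loads` itself raises `RecursionError` on sufficiently deep input, so a check made only after parsing comes too late.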
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| llama-index-core (PyPI) | < 0.12.38 | 0.12.38 |