Medium severity 5.3 · OSV Advisory · Published Sep 24, 2025 · Updated Apr 15, 2026
CVE-2025-55178
Description
Llama Stack prior to version v0.2.20 accepted unverified parameters in the resolve_ast_by_type function, which could potentially allow for remote code execution.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| llama-stack (PyPI) | < 0.2.20 | 0.2.20 |
Affected products
- Range: stable, v0.0.53, v0.0.54, …
References
- github.com/advisories/GHSA-x75h-m6jj-6cj2 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2025-55178 (ghsa, ADVISORY)
- github.com/llamastack/llama-stack/commit/efdb5558b8dcab4d141678bfed0a405e2f312b6f (ghsa, WEB)
- github.com/llamastack/llama-stack/pull/3281 (nvd, WEB)
- github.com/llamastack/llama-stack/releases/tag/v0.2.20 (nvd, WEB)
- www.facebook.com/security/advisories/cve-2025-55178 (nvd, WEB)