Strix
26.1K

CVE-2025-1753

UnknownEPSS 1.03%

Last modified

CVE-2025-1753 is a vulnerability of currently unknown severity. LLama-Index CLI version v0.12.20 contains an OS command injection vulnerability. The vulnerability arises from the improper handling of the `--files` argument, which is directly passed into `os.system`. EPSS estimates a 1.03% chance of exploitation in the next 30 days.

Description

LLama-Index CLI version v0.12.20 contains an OS command injection vulnerability. The vulnerability arises from the improper handling of the `--files` argument, which is directly passed into `os.system`. An attacker who controls the content of this argument can inject and execute arbitrary shell commands. This vulnerability can be exploited locally if the attacker has control over the CLI arguments, and remotely if a web application calls the LLama-Index CLI with a user-controlled filename. This issue can lead to arbitrary code execution on the affected system.

Metrics

EPSS Probability
1.03%

59.3th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
LlamaindexLlamaindex0.12.20

References

Timeline

Published
Last Modified
Status
Analyzed

Frequently Asked Questions

What is CVE-2025-1753?
LLama-Index CLI version v0.12.20 contains an OS command injection vulnerability. The vulnerability arises from the improper handling of the `--files` argument, which is directly passed into `os.system`. An attacker who controls the content of this argument can inject and execute arbitrary shell commands. This vulnerability can be exploited locally if the attacker has control over the CLI arguments, and remotely if a web application calls the LLama-Index CLI with a user-controlled filename. This issue can lead to arbitrary code execution on the affected system.
How severe is CVE-2025-1753?
Severity scoring for CVE-2025-1753 is pending analysis. The EPSS model estimates a 1.03% probability of exploitation in the next 30 days.
How do I fix CVE-2025-1753?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2025-1753?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST