Strix
26.1K

CVE-2025-1793

UnknownEPSS 0.58%

Last modified

CVE-2025-1793 is a vulnerability of currently unknown severity. Multiple vector store integrations in run-llama/llama_index version v0.12.21 have SQL injection vulnerabilities. These vulnerabilities allow an attacker to read and write data using SQL, potentially leading to unauthorized access to data of other users depending on the usage of the llama-index library in a web application.. EPSS estimates a 0.58% chance of exploitation in the next 30 days.

Description

Multiple vector store integrations in run-llama/llama_index version v0.12.21 have SQL injection vulnerabilities. These vulnerabilities allow an attacker to read and write data using SQL, potentially leading to unauthorized access to data of other users depending on the usage of the llama-index library in a web application.

Metrics

EPSS Probability
0.58%

43.3th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
LlamaindexLlamaindex>= 0.12.21, < 0.12.28

References

Timeline

Published
Last Modified
Status
Analyzed

Frequently Asked Questions

What is CVE-2025-1793?
Multiple vector store integrations in run-llama/llama_index version v0.12.21 have SQL injection vulnerabilities. These vulnerabilities allow an attacker to read and write data using SQL, potentially leading to unauthorized access to data of other users depending on the usage of the llama-index library in a web application.
How severe is CVE-2025-1793?
Severity scoring for CVE-2025-1793 is pending analysis. The EPSS model estimates a 0.58% probability of exploitation in the next 30 days.
How do I fix CVE-2025-1793?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2025-1793?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST