CVE-2024-11958
Published: 20 March 2025
Summary
CVE-2024-11958 is a critical-severity SQL Injection (CWE-89) vulnerability in LlamaIndex (run-llama/llama_index; NVD lists the vendor and product both as "Llamaindex"). Its CVSS base score is 9.8 (Critical).
Operational context:
- MITRE ATT&CK: exploitation aligns with Exploit Public-Facing Application (T1190)
- Exploit likelihood: ranked in the top 11.1% of CVEs
- CISA KEV catalog: not currently listed
- Public proof-of-concept: referenced
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-7043
Vulnerability details
A SQL injection vulnerability exists in the `duckdb_retriever` component of the run-llama/llama_index repository, affecting the latest version at the time of the report. The vulnerability arises from the construction of SQL queries without using prepared statements, allowing an attacker to inject arbitrary SQL code. This can lead to remote code execution (RCE) by installing the shellfs extension and executing malicious commands.
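To make the weakness concrete, here is an added example (not code from llama_index; the real `duckdb_retriever` query shape is not shown on this page) contrasting the CWE-89 pattern described above with a parameterized version. It uses Python's bundled sqlite3 so it runs offline; DuckDB's Python API accepts the same `?` placeholders via `con.execute(sql, [params])`. The table, rows, function names and the attacker payload are all constructed for illustration.

```python
import sqlite3

# Constructed sample rows standing in for a retriever's document table.
ROWS = [
    ("doc-1", "alpha", "public"),
    ("doc-2", "bravo", "public"),
    ("doc-3", "secret plans", "restricted"),
]


def build_db():
    """In-memory database with a documents table (constructed for the demo)."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE documents (node_id TEXT, text TEXT, visibility TEXT)")
    con.executemany("INSERT INTO documents VALUES (?, ?, ?)", ROWS)
    return con


def search_vulnerable(con, term):
    """CWE-89 pattern: the caller-supplied term is interpolated into the SQL
    text, so a single quote inside `term` ends the string literal and whatever
    follows is parsed as SQL by the engine."""
    sql = (
        "SELECT node_id FROM documents "
        f"WHERE visibility = 'public' AND text LIKE '%{term}%'"
    )
    return [row[0] for row in con.execute(sql).fetchall()]


def search_parameterized(con, term):
    """Hardened form: the SQL text is a constant and the term is bound as a
    parameter, so quotes and keywords inside it are data, never syntax."""
    sql = (
        "SELECT node_id FROM documents "
        "WHERE visibility = 'public' AND text LIKE '%' || ? || '%'"
    )
    return [row[0] for row in con.execute(sql, (term,)).fetchall()]


# Constructed attacker input: closes the LIKE literal, adds a tautology that
# disables the visibility filter, and comments out the trailing quote.
# Once the attacker controls the statement text, a DuckDB backend is one
# step from the INSTALL/LOAD of an extension the advisory describes.
PAYLOAD = "x%' OR '1'='1' -- "


def demo():
    """Returns (vulnerable_result, parameterized_result) for the payload."""
    con = build_db()
    return search_vulnerable(con, PAYLOAD), search_parameterized(con, PAYLOAD)


if __name__ == "__main__":
    leaked, safe = demo()
    print("interpolated SQL returned:", leaked)   # includes the restricted row
    print("parameterized SQL returned:", safe)    # payload treated as text
```

The fix is the one the advisory implies: keep the statement text fixed and pass every user-influenced value (query terms, filter values, limits) as bound parameters. Identifiers such as table or column names cannot be bound and must instead be validated against an allow-list before being placed in the query.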
- CWE(s): CWE-89 (SQL Injection)
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
SQL injection gives the attacker arbitrary SQL execution against a public-facing application (T1190), which enables collection of data from the backing database (T1213.006, Databases) and, via the DuckDB shellfs extension, operating-system command execution (T1059).
Affected Assets
Mitigating Controls
Likely Mitigating Controls
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.