CVE-2025-5302
Published: 25 August 2025
Summary
CVE-2025-5302 is a high-severity Uncontrolled Recursion (CWE-674) vulnerability. Its CVSS base score is 8.6 (High).
Operationally, it is ranked at the 17.5th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-25708
Vulnerability details
A denial of service vulnerability exists in the JSONReader component of the run-llama/llama_index repository, specifically in version v0.12.37. The vulnerability is caused by uncontrolled recursion when parsing deeply nested JSON files, which can lead to Python hitting its maximum recursion depth limit. This results in high resource consumption and potential crashes of the Python process. The issue is resolved in version 0.12.38.
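A defensive pre-parse check for the failure mode described above, as an added example (it is not llama_index code and not the project's fix in 0.12.38): it measures nesting depth iteratively and rejects over-deep input before any recursive parser or traversal sees it. The 64-level limit and all function names are assumptions.

```python
import json

MAX_DEPTH = 64  # assumed policy limit, well below Python's default recursion limit


class NestingTooDeep(ValueError):
    """Raised when a JSON document nests deeper than the allowed limit."""


def check_depth(text: str, limit: int = MAX_DEPTH) -> int:
    """Scan raw JSON text iteratively and return its maximum nesting depth.

    Raises NestingTooDeep as soon as the limit is exceeded, so the cost is
    bounded by the input length and no recursion is involved.
    """
    depth = deepest = 0
    in_string = escaped = False
    for ch in text:
        if in_string:
            if escaped:
                escaped = False          # character after a backslash is literal
            elif ch == "\\":
                escaped = True
            elif ch == '"':
                in_string = False
        elif ch == '"':
            in_string = True
        elif ch in "[{":
            depth += 1
            if depth > limit:
                raise NestingTooDeep(f"nesting exceeds {limit} levels")
            deepest = max(deepest, depth)
        elif ch in "]}":
            depth -= 1
    return deepest


def load_json_bounded(text: str, limit: int = MAX_DEPTH):
    """Parse JSON only after the depth check has passed."""
    check_depth(text, limit)
    return json.loads(text)


# Constructed samples: a normal document and a deeply nested one.
SHALLOW = '{"a": [1, {"b": "brackets in strings [[[{{ are ignored \\" ["}]}'
DEEP = "[" * 100_000 + "]" * 100_000
```

Brackets inside string values do not count toward depth, so legitimate documents containing bracket-heavy text are not rejected.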
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.