The vulnerability of the llama_index component of the JSON data reading class, which uses JSONReader tokens, allows a attacker to cause a service failure.

🗓️ 26 Dec 2025 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

The vulnerability of the llama_index component of the JSON data reading class, implemented through JSONReader tokens, is related to an uncontrolled recursion. Exploiting this vulnerability could allow a malicious actor to cause service failures.

Reporter	Title	Published	Views	Family All 17
IBM Security Bulletins	Security Bulletin: Vulnerabilities in llama_index_core bundled with IBM Fusion, IBM Fusion HCI and Content-Aware Storage.	6 Apr 202612:34	–	ibm
CNNVD	LlamaIndex 安全漏洞	7 Jul 202500:00	–	cnnvd
CVE	CVE-2025-5472	7 Jul 202509:55	–	cve
Cvelist	CVE-2025-5472 Denial of Service via Uncontrolled Recursive JSON Parsing in JSONReader in run-llama/llama_index	7 Jul 202509:55	–	cvelist
Huntr	Denial of Service via `Uncontrolled Recursive` JSON Parsing in `JSONReader`	3 Apr 202501:06	–	huntr
EUVD	EUVD-2025-20209	3 Oct 202520:07	–	euvd
Github Security Blog	LlamaIndex vulnerable to DoS attack through uncontrolled recursive JSON parsing	7 Jul 202512:30	–	github
NVD	CVE-2025-5472	7 Jul 202510:15	–	nvd
OSV	GHSA-3WXX-Q3GV-PVVV LlamaIndex vulnerable to DoS attack through uncontrolled recursive JSON parsing	7 Jul 202512:30	–	osv
Positive Technologies	PT-2025-27665 · Unknown · Llama Index	2 Jul 202500:00	–	ptsecurity

Source	Link
github	www.github.com/run-llama/llama_index/commit/c032843a02ce38fd8f284b2aa5a37fd1c17ae635
huntr	www.huntr.com/bounties/df187bda-7911-4823-a19a-e15b2c66b0d4
web	www.web.nvd.nist.gov/view/vuln/detail

26 Dec 2025 00:00Current

6.7Medium risk

Vulners AI Score6.7

CVSS 36.5

CVSS 27.8

EPSS0.00338