Security Advisory

CVE-2025-1750

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-06-02 10:04:50

Last updated 2025-06-02 12:18:24

Assigner @huntr_ai

State PUBLISHED

Description

An SQL injection vulnerability exists in the delete function of DuckDBVectorStore in run-llama/llama_index version v0.12.19. This vulnerability allows an attacker to manipulate the ref_doc_id parameter, enabling them to read and write arbitrary files on the server, potentially leading to remote code execution (RCE).

← Browse all CVEs View on cve.org ↗