Security Advisory

CVE-2025-6208

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-02-02 10:36:23

Last updated 2026-02-02 17:46:53

Assigner @huntr_ai

State PUBLISHED

Description

The `SimpleDirectoryReader` component in `llama_index.core` version 0.12.23 suffers from uncontrolled memory consumption due to a resource management flaw. The vulnerability arises because the user-specified file limit (`num_files_limit`) is applied after all files in a directory are loaded into memory. This can lead to memory exhaustion and degraded performance, particularly in environments with limited resources. The issue is resolved in version 0.12.41.

← Browse all CVEs View on cve.org ↗