CVE-2024-12909 – This SQL injection vulnerability in the Finance... (How to Fix)

Q: What is the severity of CVE-2024-12909?

CVE-2024-12909 has a CVSS score of 9.8 (CRITICAL). This SQL injection vulnerability in the FinanceChatLlamaPack allows attackers to execute arbitrary SQL queries through the database_agent's run_sql_query function. Exploitation can lead to remote code execution via PostgreSQL large object functionality. Users of run-llama/llama_index repository versions up to v0.12.3 are affected.

📋 TL;DR

This SQL injection vulnerability in the FinanceChatLlamaPack allows attackers to execute arbitrary SQL queries through the database_agent's run_sql_query function. Exploitation can lead to remote code execution via PostgreSQL large object functionality. Users of run-llama/llama_index repository versions up to v0.12.3 are affected.

💻 Affected Systems

Products:

run-llama/llama_index FinanceChatLlamaPack

Versions: All versions up to v0.12.3

Operating Systems: All

Default Config Vulnerable: ⚠️ Yes

Notes: Requires PostgreSQL database backend with large object functionality enabled.

📦 What is this software?

Llamaindex by Llamaindex

View all CVEs affecting Llamaindex →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full database compromise leading to remote code execution, data exfiltration, and complete system takeover.

🟠

Likely Case

Database manipulation, data theft, and potential privilege escalation within the database environment.

🟢

If Mitigated

Limited to database-level impact if proper input validation and parameterized queries are implemented.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: LOW

SQL injection to RCE chain is documented in public bounty reports.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 0.3.0

Vendor Advisory: https://github.com/run-llama/llama_index/commit/5d03c175476452db9b8abcdb7d5767dd7b310a75

Restart Required: Yes

Instructions:

1. Update llama_index to version 0.3.0 or later. 2. Restart the application. 3. Verify the fix by checking the version and testing SQL query functionality.

🔧 Temporary Workarounds

Input Validation and Sanitization

all

Implement strict input validation and parameterized queries for all database operations.

Database Privilege Reduction

all

Restrict database user permissions to prevent large object functionality execution.

REVOKE ALL ON LARGE OBJECT FROM [username];

🧯 If You Can't Patch

Implement network segmentation to isolate the vulnerable component from critical systems.
Deploy a web application firewall with SQL injection detection rules.

🔍 How to Verify

Check if Vulnerable:

Check if using llama_index version <= v0.12.3 and FinanceChatLlamaPack is enabled.

Check Version:

pip show llama_index | grep Version

Verify Fix Applied:

Confirm version is >= 0.3.0 and test SQL query functionality with malicious inputs.

📡 Detection & Monitoring

Log Indicators:

Unusual SQL query patterns
Large object function calls in database logs
Multiple failed query attempts

Network Indicators:

Unusual database connection patterns
SQL injection payloads in application traffic

SIEM Query:

source="application.logs" AND ("run_sql_query" OR "FinanceChatLlamaPack") AND ("SELECT lo_" OR "CREATE FUNCTION")

📊 Metadata

CVE ID: CVE-2024-12909

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-89

EPSS Score: 0.69% exploit probability (71.4th percentile)

Published: March 20, 2025

Last Updated: July 30, 2025

🔗 References

https://github.com/run-llama/llama_index/commit/5d03c175476452db9b8abcdb7d5767dd7b310a75 Patch
https://huntr.com/bounties/44e8177f-200a-4ba3-a12c-8bc21e313a3f Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-12909, you might also want to check these: