CVE-2025-1793 – SQL injection vulnerabilities in multiple vecto... (How to Fix)

Q: What is the severity of CVE-2025-1793?

CVE-2025-1793 has a CVSS score of 9.8 (CRITICAL). SQL injection vulnerabilities in multiple vector store integrations of run-llama/llama_index v0.12.21 allow attackers to execute arbitrary SQL commands. This can lead to unauthorized data access, modification, or deletion in applications using the vulnerable library. Web applications incorporating llama_index for AI/ML functionality are primarily affected.

📋 TL;DR

SQL injection vulnerabilities in multiple vector store integrations of run-llama/llama_index v0.12.21 allow attackers to execute arbitrary SQL commands. This can lead to unauthorized data access, modification, or deletion in applications using the vulnerable library. Web applications incorporating llama_index for AI/ML functionality are primarily affected.

💻 Affected Systems

Products:

run-llama/llama_index

Versions: v0.12.21 and earlier versions with vulnerable vector store integrations

Operating Systems: All

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects applications using llama_index vector store integrations with SQL-based backends. The vulnerability is in the library itself, not dependent on specific OS configurations.

📦 What is this software?

Llamaindex by Llamaindex

View all CVEs affecting Llamaindex →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of backend databases, data exfiltration, privilege escalation, and potential remote code execution depending on database configuration.

🟠

Likely Case

Unauthorized access to sensitive vector store data, data manipulation, and potential exposure of user information in multi-tenant applications.

🟢

If Mitigated

Limited impact with proper input validation, parameterized queries, and database permission restrictions in place.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

SQL injection vulnerabilities are well-understood with many available exploitation tools. The huntr.com bounty references indicate active research.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after commit 0008041e8dde8e519621388e5d6f558bde6ef42e

Vendor Advisory: https://github.com/run-llama/llama_index/commit/0008041e8dde8e519621388e5d6f558bde6ef42e

Restart Required: No

Instructions:

1. Update llama_index to latest version. 2. Review commit 0008041e8dde8e519621388e5d6f558bde6ef42e for specific fixes. 3. Test vector store functionality after update.

🔧 Temporary Workarounds

Input Validation and Sanitization

all

Implement strict input validation and sanitization for all user inputs passed to vector store functions.

Database Permission Restrictions

all

Limit database user permissions to minimum required operations (read-only where possible).

🧯 If You Can't Patch

Implement web application firewall (WAF) rules to detect and block SQL injection patterns
Isolate vector store databases from other critical systems and implement network segmentation

🔍 How to Verify

Check if Vulnerable:

Check if your application uses llama_index version v0.12.21 or earlier and utilizes vector store integrations.

Check Version:

pip show llama-index | grep Version

Verify Fix Applied:

Update to latest version and test vector store operations with malicious inputs to ensure SQL injection is prevented.

📡 Detection & Monitoring

Log Indicators:

Unusual SQL queries in database logs
Multiple failed login attempts via vector store endpoints
Unexpected database schema changes

Network Indicators:

SQL syntax in HTTP parameters to vector store endpoints
Unusual database connection patterns from application servers

SIEM Query:

source="database_logs" AND (query="UNION" OR query="SELECT *" OR query="DROP" OR query="INSERT") AND source_ip="application_server"

📊 Metadata

CVE ID: CVE-2025-1793

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-89

EPSS Score: 0.01% exploit probability (1.9th percentile)

Published: June 5, 2025

Last Updated: July 30, 2025

🔗 References

https://github.com/run-llama/llama_index/commit/0008041e8dde8e519621388e5d6f558bde6ef42e Patch
https://huntr.com/bounties/8cb1555a-9655-4122-b0d6-60059e79183c Exploit,Third Party Advisory
https://huntr.com/bounties/8cb1555a-9655-4122-b0d6-60059e79183c Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-1793, you might also want to check these: