CVE-2025-1750 | run-llama llama_index up to 0.3.0 DuckDBVectorStore delete ref_doc_id sql injection

A vulnerability, which was classified as critical, was found in run-llama llama_index up to 0.3.0. This affects the function delete of the component DuckDBVectorStore. The manipulation of the argument ref_doc_id leads to sql injection.

This vulnerability is uniquely identified as CVE-2025-1750. It is possible to initiate the attack remotely. There is no exploit available.

It is recommended to upgrade the affected component.VulDB Recent EntriesRead More