CVE-2025-6208

5.3 MEDIUM

📋 TL;DR

The SimpleDirectoryReader component in llama_index.core versions before 0.12.41 has a memory management flaw where it loads all files from a directory into memory before applying the user-specified file limit. This can cause memory exhaustion and performance degradation, affecting any system using vulnerable versions of llama_index.core to process directories with many files.

💻 Affected Systems

Products:
  • llama_index.core
Versions: All versions before 0.12.41; 0.12.23 is the version specifically named in the advisory
Operating Systems: All operating systems where llama_index.core is installed
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems using SimpleDirectoryReader component to read directories. The vulnerability is present regardless of configuration settings.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system memory exhaustion leading to denial of service, application crashes, and potential data loss if the system becomes unresponsive.

🟠 Likely Case

Degraded application performance, increased memory usage, and potential application instability when processing directories with many files.

🟢 If Mitigated

Minimal impact with proper file limits and monitoring in place, though still inefficient memory usage.

🌐 Internet-Facing: MEDIUM - Could be exploited by feeding large directories to API endpoints using SimpleDirectoryReader, but requires specific functionality exposure.
🏢 Internal Only: MEDIUM - Internal applications using the vulnerable component could experience performance issues or crashes when processing large directories.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ✅ No
Complexity: LOW - Simply requires feeding a directory with many files to the vulnerable component.

Exploitation is straightforward but requires access to functionality using SimpleDirectoryReader. No authentication bypass needed if the functionality is already accessible.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 0.12.41

Vendor Advisory: https://github.com/run-llama/llama_index/commit/53614e2f7913c0e86b58add9470b3c900b6c60b2

Restart Required: Yes

Instructions:

1. Update llama_index.core to version 0.12.41 or later using pip (quote the specifier so the shell does not treat >= as a redirect): pip install "llama-index-core>=0.12.41"
2. Restart any applications or services using llama_index.core
3. Verify the update was successful by checking the installed version

🔧 Temporary Workarounds

Limit directory size before processing

Manually limit the number of files in directories before passing them to SimpleDirectoryReader

# Example: only process the first N files
import os

num_files_limit = 100  # choose a cap that fits your memory budget
files = sorted(os.listdir('directory'))
limited_files = [os.path.join('directory', f) for f in files[:num_files_limit]]
# Hand limited_files to SimpleDirectoryReader(input_files=limited_files)
# instead of pointing the reader at the entire directory

Implement custom file filtering

Create a wrapper function that filters files before passing to SimpleDirectoryReader

# Python wrapper example
import os
from llama_index.core import SimpleDirectoryReader

def safe_directory_reader(directory, limit):
    # Select a bounded, deterministic subset of regular files first
    candidates = sorted(os.path.join(directory, f) for f in os.listdir(directory))
    files = [f for f in candidates if os.path.isfile(f)][:limit]
    # Pass an explicit file list so the reader never loads the whole directory
    return SimpleDirectoryReader(input_files=files).load_data()
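Both workarounds above cap the file count, which still admits a handful of very large files. The following is an added example (not code from the advisory or from the llama_index project) that bounds the selection by both count and total bytes before any content is read, and skips sub-directories and symlinks. The only llama_index fact it relies on is that SimpleDirectoryReader accepts an explicit input_files list; select_files() and demo_directory() are names introduced here, and the sample directory is constructed for the demonstration.

```python
"""Bounded file selection to feed SimpleDirectoryReader(input_files=...).

Added example for this advisory; not code from the llama_index project.
"""
import os
import tempfile
from typing import Iterable, List, Optional


def select_files(directory: str, max_files: int, max_total_bytes: int,
                 extensions: Optional[Iterable[str]] = None) -> List[str]:
    """Return at most ``max_files`` regular files whose sizes sum to at most
    ``max_total_bytes``, chosen before any file content is read.

    Entries are visited in sorted name order so the result is deterministic.
    Sub-directories, symlinks and special files are skipped. A file that does
    not fit the remaining byte budget is skipped rather than ending the scan,
    so smaller files later in the order can still be admitted.
    """
    if max_files <= 0 or max_total_bytes <= 0:
        raise ValueError("max_files and max_total_bytes must be positive")
    allowed = {e.lower() for e in extensions} if extensions else None

    with os.scandir(directory) as it:
        entries = sorted(it, key=lambda e: e.name)   # names only; no content is read here

    selected: List[str] = []
    remaining = max_total_bytes
    for entry in entries:
        if len(selected) >= max_files:
            break
        if not entry.is_file(follow_symlinks=False):
            continue
        if allowed is not None and os.path.splitext(entry.name)[1].lower() not in allowed:
            continue
        size = entry.stat(follow_symlinks=False).st_size
        if size > remaining:
            continue
        remaining -= size
        selected.append(entry.path)
    return selected


def demo_directory() -> str:
    """Create a constructed sample directory whose sizes exercise both caps."""
    root = tempfile.mkdtemp(prefix="sdr_demo_")
    for i in range(6):                                      # doc0.txt .. doc5.txt, 100 bytes each
        with open(os.path.join(root, f"doc{i}.txt"), "wb") as fh:
            fh.write(b"x" * 100)
    with open(os.path.join(root, "huge.txt"), "wb") as fh:  # one oversized text file
        fh.write(b"y" * 5000)
    with open(os.path.join(root, "blob.bin"), "wb") as fh:  # wrong extension
        fh.write(b"z" * 50)
    os.mkdir(os.path.join(root, "nested"))                  # must be skipped
    return root


if __name__ == "__main__":
    root = demo_directory()
    chosen = select_files(root, max_files=100, max_total_bytes=350, extensions={".txt"})
    print([os.path.basename(p) for p in chosen])
    # With the budget enforced, hand the bounded list to the reader:
    #   from llama_index.core import SimpleDirectoryReader
    #   docs = SimpleDirectoryReader(input_files=chosen).load_data()
```

The byte budget is the part worth keeping: a count cap alone does nothing against a directory of a few multi-gigabyte files, while a combined cap bounds the reader's peak memory regardless of what is uploaded.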

🧯 If You Can't Patch

  • Implement strict monitoring of memory usage for applications using SimpleDirectoryReader
  • Limit the size of directories that can be processed by the application

🔍 How to Verify

Check if Vulnerable:

Check if llama_index.core version is below 0.12.41 and if SimpleDirectoryReader is used in your codebase.

Check Version:

pip show llama-index-core | grep Version

Verify Fix Applied:

Verify that llama_index.core version is 0.12.41 or higher and test directory processing with many files to ensure memory usage remains stable.
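The two checks above (installed version below 0.12.41, and SimpleDirectoryReader referenced in the code base) can be scripted. The following is an added example, not tooling from the advisory or the llama_index project; it reads the installed version of the real llama-index-core distribution through importlib.metadata and searches source text for the component name. parse_version(), is_vulnerable_version(), installed_version(), uses_simple_directory_reader() and assess() are names introduced here, and the source snippet in the demo is constructed.

```python
"""Vulnerability check for CVE-2025-6208 (added example, not project tooling)."""
import re
from importlib.metadata import PackageNotFoundError, version
from typing import Iterable, Optional, Tuple

FIXED_VERSION = "0.12.41"   # first fixed release per the advisory
PRERELEASE = re.compile(r"(a|b|rc|alpha|beta|dev)\d*", re.IGNORECASE)


def parse_version(v: str) -> Tuple[int, int, int]:
    """Reduce a version string to comparable (major, minor, patch) integers.

    Dependency-free on purpose; a pre-release of the fixed version such as
    0.12.41rc1 is treated as still vulnerable by stepping its patch level down.
    Post-releases (0.12.41.post1) compare equal to the fixed version.
    """
    nums = [int(n) for n in re.findall(r"\d+", v)]
    if not nums:
        raise ValueError(f"unparseable version: {v!r}")
    nums += [0] * (3 - len(nums))
    major, minor, patch = nums[:3]
    if PRERELEASE.search(v):
        patch -= 1
    return (major, minor, patch)


def is_vulnerable_version(installed: str) -> bool:
    return parse_version(installed) < parse_version(FIXED_VERSION)


def installed_version(dist: str = "llama-index-core") -> Optional[str]:
    """Installed version of the distribution, or None when it is not installed."""
    try:
        return version(dist)
    except PackageNotFoundError:
        return None


USAGE = re.compile(r"\bSimpleDirectoryReader\b")


def uses_simple_directory_reader(source: str) -> bool:
    """True if the source text references the affected component."""
    return bool(USAGE.search(source))


def assess(installed: Optional[str], sources: Iterable[str]) -> str:
    """Combine both checks the advisory asks for into a single verdict."""
    if installed is None:
        return "not-installed"
    if not is_vulnerable_version(installed):
        return "fixed"
    used = any(uses_simple_directory_reader(s) for s in sources)
    return "vulnerable" if used else "vulnerable-version-unused-component"


if __name__ == "__main__":
    # Constructed snippet standing in for a scan of your own code base.
    sample_sources = ["from llama_index.core import SimpleDirectoryReader\n"
                      "docs = SimpleDirectoryReader(input_dir='uploads').load_data()\n"]
    print(assess(installed_version(), sample_sources))
```

Run it inside the same virtual environment the application uses; importlib.metadata reports the version visible to that interpreter, which is what matters when several environments are present on a host.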

📡 Detection & Monitoring

Log Indicators:

  • High memory usage spikes when processing directories
  • Application crashes or restarts during file processing
  • Out of memory errors in application logs

Network Indicators:

  • Increased response times for directory processing endpoints
  • Timeouts on requests involving file directory operations

SIEM Query:

source="application_logs" ("Out of memory" OR "MemoryError" OR "Memory exhaustion") AND "SimpleDirectoryReader"
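The SIEM query above requires the memory error and the component name on the same line, which a Python traceback rarely satisfies: the component appears in a frame line and MemoryError on the last line. The following is an added example, not from the advisory source, that applies the listed indicators to log lines with a short correlation window and also flags RSS spikes. The log lines are constructed, and the formats, the rss_mb field and the service names are assumptions; find_oom_events() and memory_spikes() are names introduced here.

```python
"""Detection logic for the indicators listed above (added example)."""
import re
from collections import deque
from typing import Dict, Iterable, List, Tuple

# Constructed sample lines: a reader run, health samples with rising RSS, a
# traceback whose MemoryError sits several lines after the component name,
# and an OOM kill with no component mention nearby.
SAMPLE_LOGS = [
    "2025-06-18T10:01:02Z INFO ingest: loading directory /data/uploads/job-17",
    "2025-06-18T10:01:02Z INFO ingest: SimpleDirectoryReader(input_dir='/data/uploads/job-17')",
    "2025-06-18T10:01:05Z INFO health: rss_mb=800",
    "2025-06-18T10:01:20Z INFO health: rss_mb=850",
    "2025-06-18T10:01:40Z WARN health: rss_mb=3900",
    "2025-06-18T10:01:44Z ERROR ingest: Traceback (most recent call last):",
    "2025-06-18T10:01:44Z ERROR ingest:   File \"/srv/app/ingest.py\", line 42, in run",
    "2025-06-18T10:01:44Z ERROR ingest: MemoryError",
    "2025-06-18T10:05:00Z INFO api: GET /healthz 200",
    "2025-06-18T10:07:12Z ERROR worker: Out of memory: Killed process 4412 (python)",
]

MEMORY_PATTERN = re.compile(r"Out of memory|MemoryError|Memory exhaustion|OOMKilled", re.IGNORECASE)
COMPONENT_PATTERN = re.compile(r"SimpleDirectoryReader")
RSS_PATTERN = re.compile(r"\brss_mb=(\d+)")


def find_oom_events(lines: Iterable[str], window: int = 20) -> List[Dict[str, object]]:
    """Flag memory-failure lines and record whether the component appeared in
    the preceding ``window`` lines (the current line included)."""
    recent: deque = deque(maxlen=window)
    events: List[Dict[str, object]] = []
    for idx, line in enumerate(lines):
        recent.append(line)
        if MEMORY_PATTERN.search(line):
            events.append({
                "line_no": idx,
                "message": line.strip(),
                "component_in_window": any(COMPONENT_PATTERN.search(l) for l in recent),
            })
    return events


def memory_spikes(lines: Iterable[str], jump_ratio: float = 2.0) -> List[Tuple[int, int, int]]:
    """Return (line_no, previous_mb, current_mb) wherever RSS grows by
    ``jump_ratio`` or more between consecutive samples. A growth ratio rather
    than an absolute threshold lets one rule serve small and large services."""
    spikes: List[Tuple[int, int, int]] = []
    previous = None
    for idx, line in enumerate(lines):
        m = RSS_PATTERN.search(line)
        if not m:
            continue
        current = int(m.group(1))
        if previous is not None and previous > 0 and current / previous >= jump_ratio:
            spikes.append((idx, previous, current))
        previous = current
    return spikes


if __name__ == "__main__":
    for event in find_oom_events(SAMPLE_LOGS, window=8):
        print(event)
    print(memory_spikes(SAMPLE_LOGS))
```

Size the window to the longest traceback your application emits; too small and the MemoryError is reported without its component, too large and unrelated reader runs get correlated with later OOM kills.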
