WRITEUP

WRITEUP

Exploit for CVE-2025-1753 - LLama-Index CLI <0.12.20 - Command Injection

AI Analysis

This patch addresses a command injection vulnerability in llama-index-cli by properly escaping user input using shlex.quote before passing it to shell commands. The fix also includes minor updates to the project configuration.

Attack Type

RCE

Complexity

trivial

Reliability

reliable

MITRE ATT&CK

T1059 - Command and Scripting Interpreter

Loading exploit code...

Download ZIP Password: eip

Source

Platform Writeup

Type patch

Files 1

https://github.com/run-llama/llama_index/commit/b57e76738c53ca82d88658b82f2d82d1c7839c7d

Authors

Massimiliano Pippi

Vulnerability

CVE-2025-1753

LLama-Index CLI <0.12.20 - Command Injection

HIGH

CVSS 7.8