CVE-2025-1750 is a critical SQL injection vulnerability identified in the delete function of the DuckDBVectorStore component within the run-llama/llama_index project, specifically version v0.12.19. The vulnerability arises due to improper neutralization of special elements in SQL commands (CWE-89), allowing an attacker to manipulate the ref_doc_id parameter. This manipulation enables unauthorized SQL queries to be executed against the underlying DuckDB database. Exploiting this flaw, an attacker can perform arbitrary file read and write operations on the server hosting the vulnerable application. Such capabilities can be leveraged to escalate the attack to remote code execution (RCE), giving the attacker full control over the affected system. The vulnerability has a CVSS v3.0 base score of 9.8, indicating critical severity, with characteristics including network attack vector, no required privileges or user interaction, and high impact on confidentiality, integrity, and availability. No patches are currently linked, and no known exploits are reported in the wild as of the publication date (June 2, 2025). The root cause is the failure to properly sanitize or parameterize user input in SQL queries, a classic injection flaw that can be mitigated by adopting secure coding practices such as prepared statements or ORM usage. Given the nature of the vulnerability, it poses a significant risk to any deployment of run-llama/llama_index that uses the affected DuckDBVectorStore delete function without appropriate input validation or access controls.

For European organizations, this vulnerability presents a severe risk, particularly for those leveraging run-llama/llama_index in AI, data indexing, or vector search applications. Exploitation could lead to unauthorized data disclosure, data tampering, and full system compromise through remote code execution. This can result in loss of sensitive intellectual property, disruption of business operations, and potential regulatory non-compliance under GDPR due to data breaches. The ability to write arbitrary files could also facilitate the deployment of malware or ransomware, amplifying operational and financial damage. Organizations relying on cloud or hybrid infrastructures may face lateral movement risks if attackers gain footholds through this vulnerability. The criticality of this flaw demands immediate attention to prevent exploitation, especially in sectors with high-value data such as finance, healthcare, and government services prevalent across Europe.

1. Immediate mitigation should include disabling or restricting access to the vulnerable delete function in DuckDBVectorStore until a patch is available. 2. Implement strict input validation and sanitization for the ref_doc_id parameter, ensuring only expected formats and values are accepted. 3. Refactor the code to use parameterized queries or prepared statements to prevent SQL injection. 4. Employ Web Application Firewalls (WAFs) with custom rules to detect and block SQL injection attempts targeting this component. 5. Conduct thorough code audits and penetration testing focused on injection vulnerabilities within the run-llama/llama_index integration. 6. Monitor logs for suspicious database queries or file system access patterns indicative of exploitation attempts. 7. Maintain an inventory of all deployments using run-llama/llama_index to prioritize patching and mitigation efforts once updates are released. 8. Educate development and security teams about secure coding practices related to database interactions to prevent similar vulnerabilities in the future.