
CVE-2025-1752: CWE-400 Uncontrolled Resource Consumption in run-llama run-llama/llama_index

High
Vulnerability: CVE-2025-1752 (tags: cve, cve-2025-1752, cwe-400)
Published: Sat May 10 2025 (05/10/2025, 13:21:30 UTC)
Source: CVE
Vendor/Project: run-llama
Product: run-llama/llama_index

Description

A Denial of Service (DoS) vulnerability has been identified in the KnowledgeBaseWebReader class of the run-llama/llama_index project, affecting versions up to and including the latest release at the time of disclosure (v0.12.15). The vulnerability arises from insufficient secure-coding measures, specifically the lack of a proper implementation of the max_depth parameter in the get_article_urls function. This allows an attacker to exhaust Python's recursion limit through repeated recursive calls, leading to resource consumption and ultimately crashing the Python process.

AI-Powered Analysis

Last updated: 07/12/2025, 03:32:16 UTC

Technical Analysis

CVE-2025-1752 is a Denial of Service (DoS) vulnerability classified under CWE-400 (Uncontrolled Resource Consumption) affecting the run-llama/llama_index project, specifically the KnowledgeBaseWebReader class. The vulnerability stems from improper handling of the max_depth parameter in the get_article_urls function. This parameter is intended to limit the recursion depth when fetching article URLs, but it is not enforced. An attacker can exploit this by triggering repeated recursive calls that exceed Python's recursion limit, causing excessive consumption of CPU and memory resources. This ultimately crashes the Python process running the vulnerable code, resulting in service unavailability. The vulnerability affects versions up to and including v0.12.15, with no specific patch currently linked. The CVSS v3.0 base score is 7.5 (high severity), with an attack vector of network (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), and an impact on availability only (A:H), with no effect on confidentiality or integrity. No known exploits are reported in the wild yet, but the vulnerability is publicly disclosed and can be weaponized in denial-of-service attacks against services using this library.

Potential Impact

For European organizations utilizing the run-llama/llama_index library, particularly those integrating it into knowledge base or document processing applications, this vulnerability poses a significant risk of service disruption. The DoS attack can lead to downtime, impacting business continuity and user experience. Organizations relying on automated knowledge extraction or AI-driven document indexing could face interruptions, potentially affecting customer-facing services or internal workflows. Since the vulnerability does not compromise data confidentiality or integrity, the primary concern is availability loss. However, prolonged outages could indirectly affect compliance with service level agreements (SLAs) and regulatory requirements around operational resilience, especially in sectors like finance, healthcare, and critical infrastructure. The ease of exploitation without authentication or user interaction increases the threat level, as attackers can remotely trigger the vulnerability over the network. This could be leveraged in targeted attacks or as part of broader disruption campaigns.

Mitigation Recommendations

To mitigate this vulnerability, organizations should first monitor for updates or patches from the run-llama/llama_index maintainers and apply them promptly once available. In the interim, developers should implement strict input validation and enforce recursion depth limits explicitly within the get_article_urls function to prevent uncontrolled recursion. Rate limiting and request throttling at the application or network level can reduce the risk of repeated exploit attempts. Deploying runtime monitoring tools to detect abnormal resource consumption patterns can provide early warning signs of exploitation. Additionally, isolating the vulnerable component in a sandboxed environment or container with resource limits (CPU and memory quotas) can minimize the impact of a successful attack. Network-level protections such as Web Application Firewalls (WAFs) configured to detect and block suspicious recursive request patterns can also be effective. Finally, conducting code reviews and security testing focused on recursion and resource consumption in similar modules can prevent analogous vulnerabilities.
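The interim mitigation above, enforcing the depth limit explicitly, is shown below as an added example. It is not code from the llama_index project and does not reproduce its get_article_urls signature; the function names, the kb.example site graph and the Site type are constructed here for illustration, and the "site" is an in-memory dictionary so nothing touches the network. The first function accepts max_depth but never checks it, which is the pattern the advisory describes; the second enforces max_depth and tracks visited URLs; the third drops recursion altogether, so the crawl depth is bounded by max_depth rather than by the interpreter's call stack.

```python
# Added example, not code from the llama_index project.  All names below
# (Site, make_chain_site, *_article_urls, kb.example) are constructed here.
from collections import deque
from typing import Callable, Dict, List, Optional, Set

Site = Dict[str, List[str]]


def make_chain_site(n_pages: int) -> Site:
    """Constructed site graph: article/0 -> article/1 -> ... -> article/n,
    and the last article links back to itself, a cycle that a crawler with
    no depth check and no visited set never leaves."""
    site: Site = {
        f"https://kb.example/article/{i}": [f"https://kb.example/article/{i + 1}"]
        for i in range(n_pages)
    }
    last = f"https://kb.example/article/{n_pages}"
    site[last] = [last]
    return site


def unchecked_article_urls(site: Site, url: str, max_depth: int = 3,
                           depth: int = 0) -> List[str]:
    """Vulnerable pattern: max_depth is a parameter in name only.

    Nothing compares depth with max_depth and nothing remembers visited
    pages, so every followed link is another stack frame until Python
    raises RecursionError and the process serving the request dies."""
    urls = [url]
    for link in site.get(url, []):
        urls.extend(unchecked_article_urls(site, link, max_depth, depth + 1))
    return urls


def bounded_article_urls(site: Site, url: str, max_depth: int = 3,
                         depth: int = 0,
                         seen: Optional[Set[str]] = None) -> List[str]:
    """Hardened recursive form: stop past max_depth and never revisit a URL.
    Still recursive, so a very large max_depth can still hit the limit."""
    if seen is None:
        seen = set()
    if depth > max_depth or url in seen:
        return []
    seen.add(url)
    urls = [url]
    for link in site.get(url, []):
        urls.extend(bounded_article_urls(site, link, max_depth, depth + 1, seen))
    return urls


def iterative_article_urls(site: Site, start: str, max_depth: int = 3) -> List[str]:
    """Preferred form: breadth-first with an explicit queue.  Depth is
    bounded by max_depth only; the call stack never grows with the crawl."""
    seen: Set[str] = {start}
    urls: List[str] = []
    frontier = deque([(start, 0)])
    while frontier:
        url, depth = frontier.popleft()
        urls.append(url)
        if depth >= max_depth:
            continue  # record the page, but do not follow its links
        for link in site.get(url, []):
            if link not in seen:
                seen.add(link)
                frontier.append((link, depth + 1))
    return urls


def crashes_with_recursion_error(crawl: Callable[[], List[str]]) -> bool:
    """Run a crawl and report whether it died with RecursionError, the
    failure mode the advisory describes (True means the process would
    have crashed)."""
    try:
        crawl()
        return False
    except RecursionError:
        return True


if __name__ == "__main__":
    site = make_chain_site(5)
    start = "https://kb.example/article/0"
    print("unchecked crashes:",
          crashes_with_recursion_error(lambda: unchecked_article_urls(site, start, max_depth=2)))
    print("bounded:", bounded_article_urls(site, start, max_depth=2))
    print("iterative:", iterative_article_urls(site, start, max_depth=2))
```

The visited set matters as much as the depth check: a self-linking or mutually linking pair of pages defeats a depth-only guard with a large limit, and a depth-only guard defeats nothing if max_depth is caller-controlled. The iterative form is the one to prefer in request-serving code, since a RecursionError takes the whole worker process down rather than just the offending request.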


Technical Details

Data Version: 5.1
Assigner Short Name: @huntr_ai
Date Reserved: 2025-02-27T11:24:38.795Z
CISA Enriched: true
CVSS Version: 3.0
State: PUBLISHED

Threat ID: 682d9816c4522896dcbd6abd

Added to database: 5/21/2025, 9:08:38 AM

Last enriched: 7/12/2025, 3:32:16 AM

Last updated: 8/15/2025, 2:26:07 PM

Views: 18
