
CVE-2025-3225: CWE-776 Improper Restriction of Recursive Entity References in DTDs in run-llama run-llama/llama_index

High
Tags: Vulnerability, CVE-2025-3225, CWE-776
Published: Mon Jul 07 2025 (07/07/2025, 09:54:06 UTC)
Source: CVE Database V5
Vendor/Project: run-llama
Product: run-llama/llama_index

Description

An XML Entity Expansion vulnerability, also known as a 'billion laughs' attack, exists in the sitemap parser of the run-llama/llama_index repository, specifically affecting version v0.12.21. This vulnerability allows an attacker to supply a malicious Sitemap XML, leading to a Denial of Service (DoS) by exhausting system memory and potentially causing a system crash. The issue is resolved in version v0.12.29.

AI-Powered Analysis

Last updated: 07/07/2025, 10:25:30 UTC

Technical Analysis

CVE-2025-3225 is a high-severity vulnerability classified under CWE-776, which pertains to improper restriction of recursive entity references in Document Type Definitions (DTDs) within XML processing. Specifically, this vulnerability affects the sitemap parser component of the run-llama/llama_index repository, version v0.12.21. The issue is an XML Entity Expansion (XEE) vulnerability, commonly known as a 'billion laughs' attack. In this attack, an attacker crafts a malicious Sitemap XML file containing recursive entity definitions that exponentially expand when parsed. This expansion consumes excessive system memory resources, leading to Denial of Service (DoS) conditions by exhausting available memory and potentially causing the application or host system to crash or become unresponsive. The vulnerability does not impact confidentiality or integrity directly but severely affects availability. It can be exploited remotely without authentication or user interaction, as indicated by the CVSS vector (AV:N/AC:L/PR:N/UI:N). The vulnerability was publicly disclosed on July 7, 2025, with a CVSS v3.0 base score of 7.5 (high severity). The issue has been resolved in version v0.12.29 of the run-llama/llama_index package. No known exploits are currently reported in the wild. The vulnerability arises from insufficient validation or restriction of recursive entity references in XML sitemap inputs, allowing attackers to trigger resource exhaustion during XML parsing.

Potential Impact

For European organizations utilizing the run-llama/llama_index library, particularly versions prior to v0.12.29, this vulnerability poses a significant risk to service availability. Organizations that rely on this library for sitemap parsing or related XML processing in web applications, content management systems, or data indexing services may experience service outages or degraded performance if targeted by this attack. The DoS can disrupt business operations, degrade user experience, and potentially cause cascading failures in dependent systems. Given the remote and unauthenticated nature of the exploit, attackers can launch attacks without prior access or user involvement, increasing the threat surface. This is especially critical for organizations providing public-facing services or APIs that accept XML sitemap inputs. The lack of confidentiality or integrity impact reduces risks related to data breaches but availability disruptions can lead to reputational damage, financial losses, and regulatory scrutiny under European data protection and operational resilience frameworks. The absence of known exploits in the wild currently lowers immediate risk but does not eliminate the potential for future exploitation.

Mitigation Recommendations

European organizations should promptly upgrade run-llama/llama_index to version v0.12.29 or later, where the vulnerability is patched. Beyond upgrading, apply strict input validation and XML parsing controls that mitigate XML Entity Expansion attacks in general: configure XML parsers to disable DTD processing and recursive entity expansion wherever possible, and prefer parsing libraries that offer secure-processing features such as entity expansion limits. Network-level protections such as Web Application Firewalls (WAFs) can be configured to detect and block XML payloads that exhibit entity expansion patterns. Monitoring application logs for abnormal memory usage or XML parsing errors tied to XML inputs can provide early detection of attempted exploitation. For critical systems, consider sandboxing XML processing components to limit the impact of a DoS. Finally, maintain an inventory of software dependencies so that patching and vulnerability management are timely.
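The parser-side control above (refuse DTDs and entity declarations before anything is expanded) is shown below as an added example. It is not code from the llama_index project and does not reproduce its sitemap reader; the function names, the size limit and the sample sitemaps are constructed for this illustration. It uses only the Python standard library: a first pass with the expat parser whose DOCTYPE and entity-declaration handlers abort parsing, followed by a normal ElementTree pass to collect the `<loc>` entries.

```python
import xml.parsers.expat
from typing import List
from xml.etree import ElementTree as ET

SITEMAP_NS = "http://www.sitemaps.org/schemas/sitemap/0.9"
# sitemaps.org caps an uncompressed sitemap at 50 MB; assumed limit for this example.
MAX_SITEMAP_BYTES = 50 * 1024 * 1024


class UnsafeSitemap(ValueError):
    """Raised when a sitemap carries a DTD, an entity declaration, or is oversized."""


def reject_dtd(xml_bytes: bytes) -> None:
    """Pre-scan with expat: any DOCTYPE or entity declaration aborts parsing.

    The DOCTYPE must precede the document body, so raising inside the handler
    stops expat before it can expand a single entity reference.
    """
    parser = xml.parsers.expat.ParserCreate()

    def on_doctype(name, sysid, pubid, has_internal_subset):
        raise UnsafeSitemap(f"DOCTYPE declaration rejected: {name}")

    def on_entity_decl(name, is_param, value, base, sysid, pubid, notation):
        raise UnsafeSitemap(f"entity declaration rejected: {name}")

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    parser.Parse(xml_bytes, True)  # raises ExpatError on malformed XML


def parse_sitemap_urls(xml_bytes: bytes) -> List[str]:
    """Return the <loc> URLs of a sitemap or sitemap index, refusing unsafe input."""
    if len(xml_bytes) > MAX_SITEMAP_BYTES:
        raise UnsafeSitemap("sitemap exceeds size limit")
    reject_dtd(xml_bytes)
    root = ET.fromstring(xml_bytes)
    # <loc> appears under <url> in a urlset and under <sitemap> in a sitemapindex;
    # iterating the whole tree covers both shapes.
    return [loc.text.strip() for loc in root.iter(f"{{{SITEMAP_NS}}}loc") if loc.text]


# Constructed sample sitemap (not taken from the advisory).
CLEAN_SITEMAP = b"""<?xml version="1.0" encoding="UTF-8"?>
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
  <url><loc>https://example.test/</loc></url>
  <url><loc>https://example.test/docs</loc></url>
</urlset>"""

# Constructed sample with an internal DTD declaring a single entity. An entity
# expansion payload nests many such declarations; one is enough to show the
# guard refuses the document before any expansion takes place.
DTD_SITEMAP = b"""<?xml version="1.0"?>
<!DOCTYPE urlset [ <!ENTITY e "x"> ]>
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
  <url><loc>https://example.test/&e;</loc></url>
</urlset>"""


if __name__ == "__main__":
    print(parse_sitemap_urls(CLEAN_SITEMAP))
    try:
        parse_sitemap_urls(DTD_SITEMAP)
    except UnsafeSitemap as exc:
        print("rejected:", exc)
```

The two-pass design is deliberate: the stdlib `ElementTree` parser expands internal entities by default and offers no switch to refuse DTDs, so the expat pre-scan is what enforces the policy. Where a third-party dependency is acceptable, the `defusedxml` package wraps the same stdlib parsers and raises on entity declarations by default; either way the size check in front of the parser bounds the cost of even a document that passes the DTD check.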


Technical Details

Data Version: 5.1
Assigner Short Name: @huntr_ai
Date Reserved: 2025-04-03T15:03:26.975Z
CVSS Version: 3.0
State: PUBLISHED

Threat ID: 686b9cd16f40f0eb72e2e235

Added to database: 7/7/2025, 10:09:21 AM

Last enriched: 7/7/2025, 10:25:30 AM

Last updated: 8/3/2025, 12:37:28 AM

