CVE-2025-6208 - Uncontrolled Memory Consumption in run-llama/llama_index

CVE ID : CVE-2025-6208 Published : Feb. 2, 2026, 11:16 a.m. | 57 minutes ago Description : The `SimpleDirectoryReader` component in `llama_index.core` version 0.12.23 suffers from uncontrolled memory consumption due to a resource management flaw. The vulnerability arises because the user-specified file limit (`num_files_limit`) is applied after all files in a directory are loaded into memory. This can lead to memory exhaustion and degraded performance, particularly in environments with limited resources. The issue is resolved in version 0.12.41. Severity: 5.3 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...