CVE-2025-1750 – DuckDBVectorStore SQL Injection Remote Code Execution

June 2, 2025

CVE ID : CVE-2025-1750

Published : June 2, 2025, 10:15 a.m. | 1 hour, 7 minutes ago

Description : An SQL injection vulnerability exists in the delete function of DuckDBVectorStore in run-llama/llama_index version v0.12.19. This vulnerability allows an attacker to manipulate the ref_doc_id parameter, enabling them to read and write arbitrary files on the server, potentially leading to remote code execution (RCE).

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-3260 – Grafana Dashboard Permission Bypass Vulnerability

Next Article CVE-2025-5437 – Multilaser Sirius RE016 MLT1.0 CGI Password Change Handler Remote Authentication Bypass Vulnerability

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

Smashing Animations Part 4: Optimising SVGs

I test AI tools for a living. Here are 3 image generators I actually use and how

The world’s smallest 65W USB-C charger is my latest travel essential

This Spotlight alternative for Mac is my secret weapon for AI-powered search

Tech prophet Mary Meeker just dropped a massive report on AI trends – here’s your TL;DR

Beyond AEM: How Adobe Sensei Powers the Full Enterprise Experience

Beyond AEM: How Adobe Sensei Powers the Full Enterprise Experience

Simplify Negative Relation Queries with Laravel’s whereDoesntHaveRelation Methods

Cast Model Properties to a Uri Instance in 12.17

My Favorite Obsidian Plugins and Their Hidden Settings

My Favorite Obsidian Plugins and Their Hidden Settings

Rilasciata /e/OS 3.0: Nuova Vita per Android Senza Google, Più Privacy e Controllo per l’Utente

Rilasciata Oracle Linux 9.6: Scopri le Novità e i Miglioramenti nella Sicurezza e nelle Prestazioni

CVE-2025-1750 – DuckDBVectorStore SQL Injection Remote Code Execution

HPE StoreOnce Faces Critical CVE-2025-37093 Vulnerability — Urges Immediate Patch Upgrade

CISA Adds Qualcomm Vulnerabilities to KEV Catalog

CVE-2023-45721 – HCL Leap Unauthenticated Directory Information Exposure

LWiAI Podcast #174 – Odyssey Text-to-Video, Groq LLM Engine, OpenAI Security Issues, and More!

Our Interfaces Have Lost Their Senses — And It’s Time to Bring Them Back!

CVE-2025-47282 – Gardener External DNS Management Seed Cluster Control Vulnerability

FTC Sues Adobe for â€˜Trappingâ€™ Users in Deceptive Subscription Practices

Anthropic AI Releases Claude 3.5: A New AI Model that Surpasses GPT-4o on Multiple Benchmarks While Being 2x Faster than Claude 3 Opus

Firefox Patches 2 Zero-Days Exploited at Pwn2Own Berlin with $100K in Rewards

5 things to do with the Linux terminal on your Android phone – including my favorite

CVE-2025-1750 – DuckDBVectorStore SQL Injection Remote Code Execution

Related Posts