2435932 – (CVE-2025-6208) CVE-2025-6208 llama_index: llama_index: Denial of Service due to uncontrolled memory consumption in SimpleDirectoryReader

Bug 2435932 (CVE-2025-6208) - CVE-2025-6208 llama_index: llama_index: Denial of Service due to uncontrolled memory consumption in SimpleDirectoryReader

Summary: CVE-2025-6208 llama_index: llama_index: Denial of Service due to uncontrolled...

Keywords:
Status:	NEW
Alias:	CVE-2025-6208
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2026-02-02 11:01 UTC by OSIDB Bzimport
Modified:	2026-02-02 12:15 UTC (History)
CC List:	16 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-02-02 11:01:23 UTC

The `SimpleDirectoryReader` component in `llama_index.core` version 0.12.23 suffers from uncontrolled memory consumption due to a resource management flaw. The vulnerability arises because the user-specified file limit (`num_files_limit`) is applied after all files in a directory are loaded into memory. This can lead to memory exhaustion and degraded performance, particularly in environments with limited resources. The issue is resolved in version 0.12.41.

Note You need to log in before you can comment on or make changes to this bug.