
Cloud Vulnerability DB
A community-led vulnerabilities database
A critical deserialization vulnerability (CVE-2025-3108) was discovered in the run-llama/llama_index library's JsonPickleSerializer component, affecting versions v0.12.27 through v0.12.40. The vulnerability was disclosed on July 6, 2025, and involves an insecure fallback to Python's pickle module during deserialization operations (NVD, Miggo).
The vulnerability exists in the deserialize method of the JsonPickleSerializer component, which base64-decodes the input and then attempts pickle.loads() first. Because pickle.loads() is tried before any safer format, it can execute arbitrary code when processing untrusted data. The CVSS v3.0 base score is 5.0 (Medium) with the vector string CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L (NVD, Miggo).
The vulnerability allows remote code execution because of this insecure fallback mechanism. An attacker who can supply crafted payloads to the deserializer could achieve full system compromise. Confidentiality, integrity, and availability are each rated as low impact in the CVSS score (NVD).
Version 0.12.41 addresses this vulnerability by renaming JsonPickleSerializer to PickleSerializer and adding a warning to the documentation that PickleSerializer must only be used to deserialize trusted data. The patch includes explicit warnings in the docstring about the security risks of deserializing untrusted data (GitHub Commit).
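The mitigation pattern described above (do not fall back to pickle for untrusted input, and if pickle must be used, restrict what it can resolve) is shown below as an added example. This is illustrative code, not llama_index's own serializer or the project's patch; the class and function names (SafeJsonSerializer, RestrictedUnpickler, deserialize_untrusted) and the sample payloads are assumptions constructed for the demonstration.

```python
"""Hardened deserialization example (added illustration, not llama_index code).

Two defensive techniques are shown:
  1. A JSON-only serializer whose deserialize() never falls back to pickle.loads().
  2. A restricted Unpickler that refuses every global lookup, so a pickle stream
     cannot resolve classes or functions (the standard-library recipe for
     "restricting globals").
"""
import base64
import collections
import io
import json
import pickle


class SafeJsonSerializer:
    """Base64-wrapped JSON, mirroring the base64 step in the vulnerable design,
    but with no pickle path at all."""

    def serialize(self, value) -> str:
        return base64.b64encode(json.dumps(value).encode("utf-8")).decode("ascii")

    def deserialize(self, data: str):
        return deserialize_untrusted(data)


def deserialize_untrusted(data: str):
    """Decode base64 then JSON only. Anything that is not valid JSON (including a
    pickle stream, which begins with non-UTF-8 bytes for protocol >= 2) is
    rejected with ValueError instead of being handed to pickle.loads()."""
    raw = base64.b64decode(data)
    try:
        return json.loads(raw.decode("utf-8"))
    except (UnicodeDecodeError, json.JSONDecodeError) as exc:
        raise ValueError("payload is not JSON; refusing pickle fallback") from exc


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that forbids all global references. Primitive containers
    (dict, list, str, int, ...) still load; any object that needs a class or
    callable lookup fails in find_class before anything can be invoked."""

    def find_class(self, module, name):
        raise pickle.UnpicklingError(f"global '{module}.{name}' is forbidden")


def restricted_pickle_loads(blob: bytes):
    return RestrictedUnpickler(io.BytesIO(blob)).load()


def is_rejected(loader, payload) -> bool:
    """True if loader(payload) raises the expected rejection error."""
    try:
        loader(payload)
    except (ValueError, pickle.UnpicklingError):
        return True
    return False


# Constructed sample inputs (not taken from the advisory or any real payload):
# a pickle of primitives only, and a pickle of a stdlib class instance, which
# requires a global lookup of collections.OrderedDict to load.
PICKLED_PRIMITIVE_BLOB = pickle.dumps({"a": 1})
PICKLED_GLOBAL_BLOB = pickle.dumps(collections.OrderedDict())
PICKLED_PRIMITIVE_B64 = base64.b64encode(PICKLED_PRIMITIVE_BLOB).decode("ascii")


if __name__ == "__main__":
    ser = SafeJsonSerializer()
    print(ser.deserialize(ser.serialize({"a": [1, 2]})))
    print("pickle via JSON-only path rejected:", is_rejected(ser.deserialize, PICKLED_PRIMITIVE_B64))
    print("primitive pickle via restricted loader:", restricted_pickle_loads(PICKLED_PRIMITIVE_BLOB))
    print("class-referencing pickle rejected:", is_rejected(restricted_pickle_loads, PICKLED_GLOBAL_BLOB))
```

The design choice is ordering: the vulnerable component tried pickle first and JSON second, so any caller that could influence the serialized string reached the dangerous path. Inverting that is not enough on its own; the JSON-only path above removes the pickle branch entirely, and the restricted unpickler is shown only for code that genuinely cannot drop pickle and must at least refuse arbitrary class resolution.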
Source: This report was generated using AI