
Cloud Vulnerability DB
A community-led vulnerabilities database
An XML Entity Expansion vulnerability (CVE-2025-3225), also known as a 'billion laughs' attack, was discovered in the sitemap parser of the run-llama/llama_index repository, specifically affecting version v0.12.21. The vulnerability was disclosed on July 7, 2025. It affects the Papers Loaders package before version 0.3.2, which corresponds to llama-index v0.10.0 and above through v0.12.29 (Miggo, NVD).
The vulnerability is classified as CWE-776 (Improper Restriction of Recursive Entity References in DTDs) with a CVSS v3.0 score of 7.5 (High). The root cause was the use of Python's standard xml.etree.ElementTree.fromstring function, which does not protect against recursive entity expansion in DTDs. The vulnerability existed across multiple data readers within the LlamaIndex ecosystem that parse XML from external sources, such as API responses or sitemap files (Miggo).
When exploited, this vulnerability allows an attacker who can supply a malicious sitemap XML to trigger recursive entity expansion, leading to a Denial of Service (DoS) by exhausting system memory and potentially crashing the affected process (NVD, Miggo).
The vulnerability has been patched in version 0.3.2 (in llama-index 0.12.29). The fix involves replacing all instances of xml.etree.ElementTree.fromstring with defusedxml.ElementTree.fromstring, which is specifically designed to be secure against such attacks (GitHub Commit, Miggo).
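The following added example is not code from the llama_index project or from the patch it describes; it illustrates the same mitigation the fix applies (refusing DTDs and entity declarations before a sitemap is parsed) using only the Python standard library, so that it runs without the defusedxml dependency. The expat pre-check, the helper names, the sitemap namespace constant and the two sample documents are all assumptions constructed for this illustration; in production the simplest equivalent is the one the patch took, calling defusedxml.ElementTree.fromstring.

```python
import xml.etree.ElementTree as ET
from xml.parsers import expat

# Sitemap protocol namespace (constructed constant for this example).
SITEMAP_NS = "http://www.sitemaps.org/schemas/sitemap/0.9"


class EntityExpansionForbidden(ValueError):
    """Raised when an XML document carries a DTD or an entity declaration."""


def _forbid_dtd_and_entities(data: bytes) -> None:
    """Pre-scan the document with expat and abort on the first DOCTYPE or
    entity declaration. A sitemap never legitimately needs either, so
    rejecting them closes the recursive-entity-expansion path before
    xml.etree.ElementTree ever sees the document. This mirrors what
    defusedxml does with forbid_dtd=True / forbid_entities=True."""
    parser = expat.ParserCreate()

    def on_doctype(name, system_id, public_id, has_internal_subset):
        raise EntityExpansionForbidden(f"DTD <!DOCTYPE {name}> is not allowed")

    def on_entity_decl(name, is_parameter, value, base, system_id, public_id, notation):
        raise EntityExpansionForbidden(f"entity declaration {name!r} is not allowed")

    # Exceptions raised inside expat handlers propagate out of Parse().
    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    parser.Parse(data, True)


def safe_fromstring(data: bytes) -> ET.Element:
    """Drop-in replacement for xml.etree.ElementTree.fromstring that refuses
    any document containing a DTD or entity declarations."""
    _forbid_dtd_and_entities(data)
    return ET.fromstring(data)


def extract_sitemap_urls(data: bytes) -> list[str]:
    """Return the <loc> values of a sitemap, the data a sitemap reader needs."""
    root = safe_fromstring(data)
    return [loc.text.strip() for loc in root.iter(f"{{{SITEMAP_NS}}}loc") if loc.text]


def is_rejected(data: bytes) -> bool:
    """True if safe_fromstring refuses the document because of a DTD/entities."""
    try:
        safe_fromstring(data)
    except EntityExpansionForbidden:
        return True
    return False


# Constructed sample: a benign sitemap with two URLs.
SAFE_SITEMAP = b"""<?xml version="1.0" encoding="UTF-8"?>
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
  <url><loc>https://example.com/</loc></url>
  <url><loc> https://example.com/about </loc></url>
</urlset>"""

# Constructed sample: the same sitemap carrying an internal DTD with one
# entity, the construct a sitemap never needs and the fix now refuses.
DTD_SITEMAP = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE urlset [<!ENTITY e "x">]>
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
  <url><loc>&e;</loc></url>
</urlset>"""

if __name__ == "__main__":
    print(extract_sitemap_urls(SAFE_SITEMAP))
    print("DTD sample rejected:", is_rejected(DTD_SITEMAP))
```

The check runs before ElementTree parses anything, so a document with a DTD is rejected at the declaration itself and no entity value is ever expanded; a document with no DTD is then parsed normally, which is the only kind of sitemap a reader should accept.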
Source: This report was generated using AI