A vulnerability was found in run-llama llama_index up to 0.4.0. It has been declared as critical. Affected by this vulnerability is the function
os.system
in the library os.system of the component CLI. The manipulation of the argument files leads to os command injection.
This vulnerability is known as CVE-2025-1753. The attack needs to be approached locally. There is no exploit available.
It is recommended to upgrade the affected component.