Vulnerability Database

299,184

Total vulnerabilities in the database

CVE-2025-55178

Llama Stack prior to version v0.2.20 accepted unverified parameters in the resolve_ast_by_type function which could potentially allow for remote code execution.

Published: Sep 24, 2025
Updated: Sep 25, 2025
CVE: CVE-2025-55178
GHSA: GHSA-x75h-m6jj-6cj2
Severity: Medium
Exploit:

CVSS v3:

Severity: Unknown
Score:
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CWEs:

CWE-20

Affected Software
References

Software	From	Fixed in
llama-stack	-	0.2.20

https://github.com/llamastack/llama-stack/commit/efdb5558b8dcab4d141678bfed0a405e2f312b6f
https://github.com/llamastack/llama-stack/pull/3281
https://github.com/llamastack/llama-stack/releases/tag/v0.2.20
https://www.facebook.com/security/advisories/cve-2025-55178

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo