CVE-2025-55178: Llama Stack could potentially allow for remote code execution
Llama Stack versions prior to v0.2.20 accepted unverified parameters in the resolve_ast_by_type function, which could potentially allow remote code execution.
References
- github.com/advisories/GHSA-x75h-m6jj-6cj2
- github.com/llamastack/llama-stack
- github.com/llamastack/llama-stack/commit/efdb5558b8dcab4d141678bfed0a405e2f312b6f
- github.com/llamastack/llama-stack/pull/3281
- github.com/llamastack/llama-stack/releases/tag/v0.2.20
- nvd.nist.gov/vuln/detail/CVE-2025-55178
- www.facebook.com/security/advisories/cve-2025-55178