CVE-2025-6211

Medium CVSS: 6.5

A vulnerability in the DocugamiReader class of the run-llama/llama_index repository, up to version 0.12.28, involves the use of MD5 hashing to generate IDs for document chunks. This approach leads to hash collisions when structurally distinct chunks contain identical text, resulting in one chunk overwriting another. This can cause loss of semantically or legally important document content, breakage of parent-child chunk hierarchies, and inaccurate or hallucinated responses in AI outputs. The issue is resolved in version 0.3.1.

Vendor

Llamaindex

Product

Llamaindex

CWE

CWE-440

Yayın Tarihi

2025-07-10 13:15:23

Güncelleme

2025-07-30 20:00:35

Source Identifier

security@huntr.dev

KEV Date Added

Kategoriler

CWE-440 Llamaindex MEDIUM Llamaindex 2025

Referanslar

https://github.com/run-llama/llama_index/commit/29b2e07e64ed7d302b1cc058185560b28eaa1352 https://huntr.com/bounties/1a48a011-a3c5-4979-9ffc-9652280bc389 https://huntr.com/bounties/1a48a011-a3c5-4979-9ffc-9652280bc389

Benzer Kayıtlar

High

CVE-2024-14021

LlamaIndex (run-llama/llama_index) versions up to and including 0.11.6 contain an unsafe deserialization vulnerability i…

High

CVE-2024-58339

LlamaIndex (run-llama/llama_index) versions up to and including 0.12.2 contain an uncontrolled resource consumption vuln…

High

CVE-2025-7707

The llama_index library version 0.12.33 sets the NLTK data directory to a subdirectory of the codebase by default, which…

High

CVE-2025-6209

A path traversal vulnerability exists in run-llama/llama_index versions 0.12.27 through 0.12.40, specifically within the…

Medium

CVE-2025-6210

A vulnerability in the ObsidianReader class of the run-llama/llama_index repository, specifically in version 0.12.27, al…

Medium

CVE-2025-5472

The JSONReader in run-llama/llama_index versions 0.12.28 is vulnerable to a stack overflow due to uncontrolled recursive…