5.3

CVE-2025-3044

Exploit

EPSS 0.28%
Veröffentlicht 07.07.2025 09:54:22
Zuletzt bearbeitet 30.07.2025 21:28:24
Quelle security@huntr.dev
CVE-Watchlists
Login
Unerledigt
Login

MD5 Hash Collision in run-llama/llama_index

A vulnerability in the ArxivReader class of the run-llama/llama_index repository, versions up to v0.12.22.post1, allows for MD5 hash collisions when generating filenames for downloaded papers. This can lead to data loss as papers with identical titles but different contents may overwrite each other, preventing some papers from being processed for AI model training. The issue is resolved in version 0.12.28.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Llamaindex ≫ Llamaindex Version < 0.12.28

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.28%	0.196

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security@huntr.dev	5.3	3.9	1.4	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CWE-440 Expected Behavior Violation

A feature, API, or function does not perform according to its specification.

https://github.com/run-llama/llama_index/commit/0008041e8dde8e519621388e5d6f558bde6ef42e

Patch

https://huntr.com/bounties/80182c3a-876f-422f-8bac-38267e0345d6

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2025-3044

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-3044

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-3044

EUVD