5.3

CVE-2025-3044

Exploit

EPSS 0.04%
Veröffentlicht 07.07.2025 09:54:22
Zuletzt bearbeitet 30.07.2025 21:28:24
Quelle security@huntr.dev
CVE-Watchlists
Login
Unerledigt
Login

A vulnerability in the ArxivReader class of the run-llama/llama_index repository, versions up to v0.12.22.post1, allows for MD5 hash collisions when generating filenames for downloaded papers. This can lead to data loss as papers with identical titles but different contents may overwrite each other, preventing some papers from being processed for AI model training. The issue is resolved in version 0.12.28.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Llamaindex ≫ Llamaindex Version < 0.12.28

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.13

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security@huntr.dev	5.3	3.9	1.4	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CWE-440 Expected Behavior Violation

A feature, API, or function does not perform according to its specification.

https://github.com/run-llama/llama_index/commit/0008041e8dde8e519621388e5d6f558bde6ef42e

Patch

https://huntr.com/bounties/80182c3a-876f-422f-8bac-38267e0345d6

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2025-3044

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-3044

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-3044

EUVD