CVE-2025-3046 (CVSS 7.5)
- EPSS 0.56%
- Published 07.07.2025 09:54:50
- Last modified 30.07.2025 21:25:03
- Source security@huntr.dev
Path Traversal via Symbolic Links in run-llama/llama_index
A vulnerability in the `ObsidianReader` class of the run-llama/llama_index repository, versions 0.12.23 to 0.12.28, allows for arbitrary file read through symbolic links. The `ObsidianReader` fails to resolve symlinks to their real paths and does not validate whether the resolved paths lie within the intended directory. This flaw enables attackers to place symlinks pointing to files outside the vault directory, which are then processed as valid Markdown files, potentially exposing sensitive information.
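The two missing steps named in the description, resolving a symlink to its real path and checking that the resolved path is still inside the vault, are easy to get wrong, so the following added example (not code from the llama_index project; `is_within_vault`, `collect_markdown` and `demo` are hypothetical helper names) builds a small constructed vault in a temporary directory, plants one `.md`-named symlink that points outside it, and shows how a loader without the check accepts the link while the hardened loader drops it. Because `Path.resolve()` also normalizes `..` components, the same containment check covers classic dot-dot traversal, not only symlinks.

```python
"""Symlink-aware containment check for a Markdown vault loader.

Added example, not llama_index's own code. The helper names are
hypothetical; the vault, note and symlink below are constructed in a
temporary directory so the script runs stand-alone.
"""
import os
import tempfile
from pathlib import Path


def is_within_vault(candidate: Path, vault_root: Path) -> bool:
    """True only if candidate, after full symlink resolution, lies under vault_root.

    Both sides are resolved so that a vault that itself sits behind a symlink
    (e.g. /var -> /private/var on macOS) still compares correctly.
    """
    real_root = vault_root.resolve(strict=True)
    real_path = candidate.resolve(strict=True)
    try:
        real_path.relative_to(real_root)
    except ValueError:
        # Resolved path is outside the vault: symlink escape or '..' traversal.
        return False
    return True


def collect_markdown(vault_root: Path, resolve_symlinks: bool) -> list[Path]:
    """Gather *.md entries under the vault.

    resolve_symlinks=False mirrors the weak behaviour the advisory describes:
    anything whose name ends in .md is accepted without looking at where a
    symlink actually points. resolve_symlinks=True applies the containment check.
    """
    accepted: list[Path] = []
    for path in sorted(vault_root.rglob("*.md")):
        if not path.is_file():  # is_file() follows symlinks; skips dirs and dangling links
            continue
        if resolve_symlinks and not is_within_vault(path, vault_root):
            continue
        accepted.append(path)
    return accepted


def demo() -> dict[str, list[str]]:
    """Build a constructed vault with one escaping symlink and run both loaders."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        vault = base / "vault"
        vault.mkdir()
        (vault / "notes.md").write_text("# real note\n")

        # Constructed file outside the vault that must never be read as a note.
        outside = base / "outside.txt"
        outside.write_text("not part of the vault\n")

        # Constructed symlink inside the vault with a Markdown-looking name.
        os.symlink(outside, vault / "escape.md")

        weak = [p.name for p in collect_markdown(vault, resolve_symlinks=False)]
        strict = [p.name for p in collect_markdown(vault, resolve_symlinks=True)]
        return {"weak": weak, "strict": strict}


if __name__ == "__main__":
    result = demo()
    print("without check:", result["weak"])   # ['escape.md', 'notes.md']
    print("with check:   ", result["strict"])  # ['notes.md']
```

The check is applied to the resolved path of each file, not to the vault-relative string, which is the only place the decision is reliable once symlinks are involved.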
Data provided by the National Vulnerability Database (NVD)
Llamaindex ≫ Llamaindex, version >= 0.12.23 and < 0.12.28
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.56% | 0.418 |
| Source | Base Score | Exploitability Score | Impact Score | Vector String |
|---|---|---|---|---|
| security@huntr.dev | 7.5 | 3.9 | 3.6 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
https://github.com/run-llama/llama_index/commit/0008041e8dde8e519621388e5d6f558bde6ef42e
https://huntr.com/bounties/90a1f1b2-bb82-4d66-9fc1-856ed5f904da