6.5

CVE-2025-6211

Exploit

EPSS 0.06%
Veröffentlicht 10.07.2025 13:04:34
Zuletzt bearbeitet 30.07.2025 20:00:35
Quelle security@huntr.dev
CVE-Watchlists
Login
Unerledigt
Login

A vulnerability in the DocugamiReader class of the run-llama/llama_index repository, up to version 0.12.28, involves the use of MD5 hashing to generate IDs for document chunks. This approach leads to hash collisions when structurally distinct chunks contain identical text, resulting in one chunk overwriting another. This can cause loss of semantically or legally important document content, breakage of parent-child chunk hierarchies, and inaccurate or hallucinated responses in AI outputs. The issue is resolved in version 0.3.1.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Llamaindex ≫ Llamaindex Version < 0.3.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.193

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security@huntr.dev	6.5	3.9	2.5	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

CWE-440 Expected Behavior Violation

A feature, API, or function does not perform according to its specification.

https://huntr.com/bounties/1a48a011-a3c5-4979-9ffc-9652280bc389

Third Party Advisory

Exploit

https://github.com/run-llama/llama_index/commit/29b2e07e64ed7d302b1cc058185560b28eaa1352

Patch

https://nvd.nist.gov/vuln/detail/CVE-2025-6211

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-6211

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-6211

EUVD