CVE-2025-3044
BaseFortify
Publication date: 2025-07-07
Last updated on: 2025-07-30
Assigner: huntr.dev
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| llamaindex | llamaindex | up to 0.12.28 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-440 | A feature, API, or function does not perform according to its specification. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the ArxivReader class of the run-llama/llama_index repository (up to version 0.12.22.post1). It allows MD5 hash collisions in the filenames generated for downloaded papers: different papers with identical titles but different contents can produce the same filename. As a result, one paper may overwrite another, causing data loss and preventing some papers from being processed for AI model training. The issue is fixed in version 0.12.28.
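The overwrite described above, reproduced as an added example (not llama_index code): filenames derived from an MD5 of the title alone are compared with names keyed on a unique paper identifier. The record fields, function names and the identifier-based scheme are assumptions for illustration and are not taken from the project's fix.

```python
import hashlib
import tempfile
from pathlib import Path

# Constructed sample records: two distinct papers that share a title.
PAPERS = [
    {"entry_id": "0000.00001v1", "title": "A Survey", "pdf": b"%PDF- first paper"},
    {"entry_id": "hep-th/0000001", "title": "A Survey", "pdf": b"%PDF- second paper"},
]

def title_hash_name(paper):
    """Scheme the page describes: the filename depends on the title only."""
    return hashlib.md5(paper["title"].encode("utf-8")).hexdigest() + ".pdf"

def id_based_name(paper):
    """Assumed alternative: key the file on the paper's unique identifier."""
    # Replace path separators and other unsafe characters in the identifier.
    safe = "".join(c if c.isalnum() or c in "._-" else "_" for c in paper["entry_id"])
    return safe + ".pdf"

def save_all(papers, namer, out_dir):
    """Write each paper and record every name that already existed.

    Returns (sorted files on disk, names that were overwritten).
    """
    out = Path(out_dir)
    overwritten = []
    for paper in papers:
        target = out / namer(paper)
        if target.exists():
            overwritten.append(target.name)  # an earlier paper is about to be lost
        target.write_bytes(paper["pdf"])
    return sorted(p.name for p in out.iterdir()), overwritten

def demo():
    """Run both naming schemes over the same constructed papers."""
    results = {}
    for label, namer in (("title_md5", title_hash_name), ("entry_id", id_based_name)):
        with tempfile.TemporaryDirectory() as d:
            results[label] = save_all(PAPERS, namer, d)
    return results

if __name__ == "__main__":
    for label, (files, lost) in demo().items():
        print(label, "files on disk:", len(files), "overwritten:", lost)
```

The `target.exists()` check is also a usable detection point: logging or raising there surfaces the collision instead of silently dropping a paper from the ingested corpus.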
How can this vulnerability impact me?
The vulnerability can lead to data loss because papers with different contents but identical titles may overwrite each other when saved. This prevents some papers from being processed correctly, which can negatively impact AI model training that relies on these papers.
What immediate steps should I take to mitigate this vulnerability?
Upgrade the run-llama/llama_index repository to version 0.12.28 or later, as this version resolves the MD5 hash collision issue in the ArxivReader class that causes data loss.