CVE-2025-6211
BaseFortify
Publication date: 2025-07-10
Last updated on: 2025-07-30
Assigner: huntr.dev
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| llamaindex | llamaindex | up to 0.3.1 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-440 | A feature, API, or function does not perform according to its specification. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the DocugamiReader class of the run-llama/llama_index repository (up to version 0.12.28). It uses MD5 hashing to generate IDs for document chunks, which can cause hash collisions when different chunks have identical text. As a result, one chunk can overwrite another, leading to loss of important document content, breakage of chunk hierarchies, and inaccurate or hallucinated AI responses.
How can this vulnerability impact me?
The vulnerability can cause chunks to overwrite one another, losing semantically or legally important document content. It can also break the parent-child relationships between document chunks and produce inaccurate or hallucinated responses in AI outputs, potentially affecting the reliability and integrity of document processing and AI-generated information.
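The overwrite described above can be reproduced with a few lines of Python. This is an added example, not code from llama_index and not the project's fix; the chunk paths, sample text, function names and the position-aware ID scheme are all constructed or hypothetical.

```python
import hashlib

# Constructed sample: (structural path, text) pairs such as a reader might emit.
# Two different clauses carry identical text.
SAMPLE_CHUNKS = [
    ("/doc/section[1]/clause[1]", "The term of this agreement is 12 months."),
    ("/doc/section[1]/clause[2]", "Not applicable."),
    ("/doc/section[2]/clause[1]", "Fees are due within 30 days."),
    ("/doc/section[2]/clause[2]", "Not applicable."),
]

def text_only_id(path, text):
    """Weak scheme: the ID depends on the chunk text alone (MD5 of the text)."""
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def position_aware_id(path, text):
    """Hypothetical hardened scheme: bind the ID to the chunk's position too.
    Swapping MD5 for SHA-256 alone would not help, since equal text still
    hashes to an equal digest."""
    h = hashlib.sha256()
    for part in (path, text):
        data = part.encode("utf-8")
        h.update(len(data).to_bytes(8, "big"))  # length prefix keeps fields distinct
        h.update(data)
    return h.hexdigest()

def build_store(chunks, make_id):
    """Index chunks by ID; return the store and the paths that were overwritten."""
    store, lost = {}, []
    for path, text in chunks:
        cid = make_id(path, text)
        if cid in store:
            lost.append(store[cid]["path"])  # earlier chunk and its parent link vanish
        store[cid] = {"path": path, "text": text}
    return store, lost

def find_duplicate_ids(chunks, make_id):
    """Pre-ingestion check: report every ID claimed by more than one chunk."""
    seen = {}
    for path, text in chunks:
        seen.setdefault(make_id(path, text), []).append(path)
    return {cid: paths for cid, paths in seen.items() if len(paths) > 1}

if __name__ == "__main__":
    for scheme in (text_only_id, position_aware_id):
        store, lost = build_store(SAMPLE_CHUNKS, scheme)
        print(scheme.__name__, "stored:", len(store), "overwritten:", lost)
```

Running `find_duplicate_ids` over reader output before indexing is a cheap way to tell whether an existing corpus has already lost chunks this way.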
What immediate steps should I take to mitigate this vulnerability?
Upgrade the run-llama/llama_index repository to version 0.3.1 or later, where the vulnerability involving MD5 hashing in the DocugamiReader class has been resolved.