Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2025-3046

A vulnerability in the `ObsidianReader` class of the run-llama/llama_index repository, versions 0.12.23 to 0.12.28, allows for arbitrary file read through symbolic links. The `ObsidianReader` fails to resolve symlinks to their real paths and does not validate whether the resolved paths lie within the intended directory. This flaw enables attackers to place symlinks pointing to files outside the vault directory, which are then processed as valid Markdown files, potentially exposing sensitive information.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 19.3%
CVSS Severity
CVSS v3 Score 7.5
Products affected by CVE-2025-3046


Contact Us

Shodan ® - All rights reserved