Vulnerability Details CVE-2025-6210
A vulnerability in the ObsidianReader class of the run-llama/llama_index repository, specifically in version 0.12.27, allows for hardlink-based path traversal. This flaw permits attackers to bypass path restrictions and access sensitive system files, such as /etc/passwd, by exploiting hardlinks. The vulnerability arises from inadequate handling of hardlinks in the load_data() method, where the security checks fail to differentiate between real files and hardlinks. This issue is resolved in version 0.5.2.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 5.3%
CVSS Severity
CVSS v3 Score 6.2
References
Products affected by CVE-2025-6210
-
cpe:2.3:a:llamaindex:llamaindex:0.2.17
-
cpe:2.3:a:llamaindex:llamaindex:0.3.0
-
cpe:2.3:a:llamaindex:llamaindex:0.3.1
-
cpe:2.3:a:llamaindex:llamaindex:0.3.2
-
cpe:2.3:a:llamaindex:llamaindex:0.3.3
-
cpe:2.3:a:llamaindex:llamaindex:0.3.4
-
cpe:2.3:a:llamaindex:llamaindex:0.3.5
-
cpe:2.3:a:llamaindex:llamaindex:0.3.6
-
cpe:2.3:a:llamaindex:llamaindex:0.4.0
-
cpe:2.3:a:llamaindex:llamaindex:0.4.1
-
cpe:2.3:a:llamaindex:llamaindex:0.4.10
-
cpe:2.3:a:llamaindex:llamaindex:0.4.11
-
cpe:2.3:a:llamaindex:llamaindex:0.4.12
-
cpe:2.3:a:llamaindex:llamaindex:0.4.13
-
cpe:2.3:a:llamaindex:llamaindex:0.4.14
-
cpe:2.3:a:llamaindex:llamaindex:0.4.15
-
cpe:2.3:a:llamaindex:llamaindex:0.4.16
-
cpe:2.3:a:llamaindex:llamaindex:0.4.17
-
cpe:2.3:a:llamaindex:llamaindex:0.4.18
-
cpe:2.3:a:llamaindex:llamaindex:0.4.19
-
cpe:2.3:a:llamaindex:llamaindex:0.4.2
-
cpe:2.3:a:llamaindex:llamaindex:0.4.20
-
cpe:2.3:a:llamaindex:llamaindex:0.4.21
-
cpe:2.3:a:llamaindex:llamaindex:0.4.22
-
cpe:2.3:a:llamaindex:llamaindex:0.4.23
-
cpe:2.3:a:llamaindex:llamaindex:0.4.24
-
cpe:2.3:a:llamaindex:llamaindex:0.4.25
-
cpe:2.3:a:llamaindex:llamaindex:0.4.26
-
cpe:2.3:a:llamaindex:llamaindex:0.4.27
-
cpe:2.3:a:llamaindex:llamaindex:0.4.28
-
cpe:2.3:a:llamaindex:llamaindex:0.4.29
-
cpe:2.3:a:llamaindex:llamaindex:0.4.3
-
cpe:2.3:a:llamaindex:llamaindex:0.4.30
-
cpe:2.3:a:llamaindex:llamaindex:0.4.31
-
cpe:2.3:a:llamaindex:llamaindex:0.4.32
-
cpe:2.3:a:llamaindex:llamaindex:0.4.33
-
cpe:2.3:a:llamaindex:llamaindex:0.4.34
-
cpe:2.3:a:llamaindex:llamaindex:0.4.35
-
cpe:2.3:a:llamaindex:llamaindex:0.4.36
-
cpe:2.3:a:llamaindex:llamaindex:0.4.37
-
cpe:2.3:a:llamaindex:llamaindex:0.4.38
-
cpe:2.3:a:llamaindex:llamaindex:0.4.39
-
cpe:2.3:a:llamaindex:llamaindex:0.4.4
-
cpe:2.3:a:llamaindex:llamaindex:0.4.40
-
cpe:2.3:a:llamaindex:llamaindex:0.4.5
-
cpe:2.3:a:llamaindex:llamaindex:0.4.6
-
cpe:2.3:a:llamaindex:llamaindex:0.4.7
-
cpe:2.3:a:llamaindex:llamaindex:0.4.8
-
cpe:2.3:a:llamaindex:llamaindex:0.4.9
-
cpe:2.3:a:llamaindex:llamaindex:0.5.0
-
cpe:2.3:a:llamaindex:llamaindex:0.5.1