CNNVD-202507-1488 Information

CNNVD ID

CNNVD-202507-1488

Related CVE

CVE-2025-6211

• CNNVD Published: 2025-07-10

Description (Chinese)

LlamaIndex是LlamaIndex开源的一个 LLM 应用程序的数据框架。 LlamaIndex 0.12.28及之前版本存在安全漏洞，该漏洞源于使用MD5哈希生成文档块ID，可能导致哈希冲突。

Description (English)

LlamaIndex is a data frame for an LLM application that is an open source for LlamaIndex. The LlamaIndex 0.12.28 and previous versions had a security loophole, which stemmed from the use of MD5 Hash to generate document block ID, which could lead to a conflict between Hashi.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

LlamaIndex

Published

2025-07-10

Last Modified

2026-02-24

References

https://huntr.com/bounties/1a48a011-a3c5-4979-9ffc-9652280bc389 https://github.com/run-llama/llama_index/commit/29b2e07e64ed7d302b1cc058185560b28eaa1352 https://nvd.nist.gov/vuln/detail/CVE-2025-6211

Patch

https://github.com/run-llama/llama_index/releases