CNNVD-202507-763 Information

CNNVD ID

CNNVD-202507-763

Related CVE

CVE-2025-3046

• CNNVD Published: 2025-07-07

Description (Chinese)

LlamaIndex是LlamaIndex开源的一个 LLM 应用程序的数据框架。 LlamaIndex 0.12.23至0.12.28版本存在安全漏洞，该漏洞源于ObsidianReader类未解析符号链接，可能导致任意文件读取。

Description (English)

LlamaIndex is a data frame for an LLM application that is an open source for LlamaIndex. The LlamaIndex 0.12.23 to 0.12.28 contains a security loophole, which originates from the unsolved symbol link of the Obsidian Reader class and may lead to any document being read.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

LlamaIndex

Published

2025-07-07

Last Modified

2026-02-24

References

https://github.com/run-llama/llama_index/commit/0008041e8dde8e519621388e5d6f558bde6ef42e https://huntr.com/bounties/90a1f1b2-bb82-4d66-9fc1-856ed5f904da https://access.redhat.com/security/cve/cve-2025-3046

Patch

https://github.com/run-llama/llama_index/releases