CNNVD-202509-4241 Information
CNNVD ID
CNNVD-202509-4241
Related CVE
- CNNVD Published: 2025-09-27
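Description (translated from Chinese)
LlamaIndex is an open-source data framework for LLM applications from LlamaIndex. LlamaIndex 0.12.44 and earlier versions contain a security vulnerability that stems from the get_cache_dir function using a hard-coded path and lacking security controls, which may lead to model theft, cache poisoning, or symbolic link attacks.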
Description (English)
LlamaIndex is an open-source data framework for LLM applications, developed by LlamaIndex. LlamaIndex 0.12.44 and earlier versions contain a security vulnerability: the get_cache_dir function uses a hard-coded path and lacks security controls, which may lead to model theft, cache poisoning, or symbolic link attacks.
Hazard Level
Medium
Vulnerability Type
Other
Affected Vendor
LlamaIndex
Published
2025-09-27
Last Modified
2026-02-24
References
https://github.com/run-llama/llama_index/commit/98816394d57c7f53f847ed7b60725e69d0e7aae4
https://huntr.com/bounties/a2baa08f-98bf-47a8-ac83-06f7411afd9e
https://vigilance.fr/vulnerability/llama-index-core-directory-traversal-via-get-cache-dir-48562
Patch
https://github.com/run-llama/llama_index/releases