CNNVD-202510-1623 Information
CNNVD ID
CNNVD-202510-1623
Related CVE
- CNNVD Published: 2025-10-13
Description (Chinese)
LlamaIndex是LlamaIndex开源的一个 LLM 应用程序的数据框架。 LlamaIndex 0.12.33版本存在安全漏洞,该漏洞源于默认将NLTK数据目录设置为代码库子目录且全局可写,可能导致拒绝服务、数据篡改或权限提升。
Description (English)
LlamaIndex is a data frame for an LLM application that is an open source for LlamaIndex. The LlamaIndex 0.12.33 version contains a security loophole that results from the default setting of NLTK data directories as a subdirectories of the code library and is written in a global way, which may lead to the denial of services, data manipulation or the enhancement of privileges.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
LlamaIndex
Published
2025-10-13
Last Modified
2026-02-24
References
https://github.com/run-llama/llama_index/commit/98816394d57c7f53f847ed7b60725e69d0e7aae4 https://huntr.com/bounties/3fe2c8ab-6727-4aef-a0ef-4d2818e48803 https://access.redhat.com/security/cve/cve-2025-7707
Patch
https://github.com/run-llama/llama_index/releases
Share on: