PT-2025-25205 · Unknown · Llama Index

Published: 2025-06-11 · Updated: 2025-07-30 · CVE-2025-3046

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: llama index versions 0.12.23 through 0.12.28
Description: A flaw in the ObsidianReader class allows for arbitrary file read through symbolic links. The ObsidianReader fails to resolve symlinks to their real paths and does not validate whether the resolved paths lie within the intended directory. This enables attackers to place symlinks pointing to files outside the vault directory, which are then processed as valid Markdown files, potentially exposing sensitive information.
Recommendations: For versions 0.12.23 through 0.12.28, as a temporary workaround, consider disabling the ObsidianReader class until a patch is available. Restrict access to the ObsidianReader class to minimize the risk of exploitation. Avoid using symbolic links in the affected directory until the issue is resolved.
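As an added illustration (not LlamaIndex's own code and not its patch), this is the kind of check the description says ObsidianReader lacked: every Markdown file found in a vault is resolved with symlinks followed, and anything whose real path lies outside the resolved vault directory is rejected rather than read. The `demo` helper and its file names are constructed for this example; it builds a throwaway vault in a temporary directory with one regular note and one symlink pointing outside the vault.

```python
from __future__ import annotations

import os
import tempfile
from pathlib import Path


def is_inside_vault(candidate: Path, vault: Path) -> bool:
    """True only if the fully resolved candidate stays under the resolved vault."""
    real = candidate.resolve()          # follows symlinks and normalises ".."
    try:
        real.relative_to(vault)         # raises ValueError if real is outside vault
    except ValueError:
        return False
    return True


def collect_markdown(vault_dir: str | os.PathLike) -> tuple[list[Path], list[Path]]:
    """Walk a vault and split *.md entries into (accepted, rejected).

    Symlinked directories are not descended (followlinks=False), so a directory
    link that escapes the vault is never traversed; symlinked files still show
    up in `filenames` and are judged by where they really resolve.
    """
    vault = Path(vault_dir).resolve()
    accepted: list[Path] = []
    rejected: list[Path] = []
    for dirpath, _dirnames, filenames in os.walk(vault, followlinks=False):
        for name in filenames:
            candidate = Path(dirpath) / name
            if candidate.suffix.lower() != ".md":
                continue
            (accepted if is_inside_vault(candidate, vault) else rejected).append(candidate)
    return accepted, rejected


def demo() -> dict[str, list[str]]:
    """Constructed vault: one real note plus one symlink that escapes the vault."""
    with tempfile.TemporaryDirectory() as tmp:
        outside = Path(tmp) / "outside_secret.txt"     # constructed file outside the vault
        outside.write_text("constructed sensitive content\n")
        vault = Path(tmp) / "vault"
        vault.mkdir()
        (vault / "note.md").write_text("# constructed note\n")
        (vault / "leak.md").symlink_to(outside)        # .md name, but resolves outside
        accepted, rejected = collect_markdown(vault)
        return {
            "accepted": sorted(p.name for p in accepted),
            "rejected": sorted(p.name for p in rejected),
        }
```

Running `demo()` on a POSIX system returns `{"accepted": ["note.md"], "rejected": ["leak.md"]}`, showing the symlinked entry is flagged before any content is read.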

Exploit

Fix

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2025-3046
GHSA-FMRF-6JV9-QJC7

Affected Products

Llama Index