PT-2025-27525 · Unknown · Llama Index

Astrabert · Published 2025-07-01 · Updated 2025-07-14 · CVE-2025-6210

CVSS v3.1: 6.2 (Medium)

Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Llama Index version 0.12.27

Description: A flaw in the ObsidianReader class allows hardlink-based path traversal: an attacker can use hardlinks to bypass path restrictions and access sensitive system files such as /etc/passwd. The issue arises from inadequate handling of hardlinks in the load_data() method.

Recommendations: For version 0.12.27, update to version 0.5.2 to resolve the issue. As a temporary workaround, consider restricting access to sensitive system files to minimize the risk of exploitation.
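
A defensive check for the condition in the description, as an added example that is not Llama Index's own code or its fix: it walks a vault directory and refuses files that are symlinks, resolve outside the vault, or have more than one hard link. The names `safe_vault_files` and `demo` and the temporary vault are constructed for illustration.

```python
import os
import stat
import tempfile
from pathlib import Path


def safe_vault_files(vault_dir, suffix=".md"):
    """Split files under vault_dir into (accepted, rejected) path lists.

    Rejected: symlinks, non-regular files, paths resolving outside the
    vault, and regular files with more than one hard link (st_nlink > 1).
    """
    root = Path(vault_dir).resolve()
    accepted, rejected = [], []
    for dirpath, _dirs, filenames in os.walk(root, followlinks=False):
        for name in filenames:
            if not name.endswith(suffix):
                continue
            path = Path(dirpath) / name
            st = os.lstat(path)  # lstat so a symlink is not followed
            inside = path.resolve().is_relative_to(root)
            if stat.S_ISREG(st.st_mode) and inside and st.st_nlink == 1:
                accepted.append(path)
            else:
                rejected.append(path)
    return accepted, rejected


def demo():
    """Constructed vault: one ordinary note, one hardlink to an outside file."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        vault = base / "vault"
        vault.mkdir()
        (vault / "note.md").write_text("ordinary note")
        outside = base / "secret.txt"  # stands in for a file outside the vault
        outside.write_text("outside the vault")
        os.link(outside, vault / "linked.md")  # hardlink placed in the vault
        # A path-only check passes: the hardlink resolves inside the vault.
        linked = (vault / "linked.md").resolve()
        path_check_passes = linked.is_relative_to(vault.resolve())
        accepted, rejected = safe_vault_files(vault)
        return (path_check_passes,
                sorted(p.name for p in accepted),
                sorted(p.name for p in rejected))


if __name__ == "__main__":
    print(demo())
```

The link count is checked at listing time, so a reader that needs stronger guarantees would repeat the check with `os.fstat` on the opened file descriptor. Legitimately hardlinked notes are also rejected by this policy.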

Exploit

Fix

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2025-6210
GHSA-3J8R-JF9W-5CMH

Affected Products

Llama Index