PT-2025-28148 · Unknown · Llama Index
Published: 2025-07-07 · Updated: 2025-07-30
CVE-2025-3044
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions:
llama index versions up to v0.12.22.post1
Description:
A vulnerability in the ArxivReader class allows for MD5 hash collisions when generating filenames for downloaded papers. This can lead to data loss as papers with identical titles but different contents may overwrite each other, preventing some papers from being processed for AI model training.
Recommendations:
For versions up to v0.12.22.post1, update to version 0.12.28 to resolve the issue.
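The overwrite described above, reproduced as an added example (not LlamaIndex's own code). It assumes the filename is derived only from an MD5 of the paper title, and compares that with a name built from a per-paper identifier plus content. The `entry_id` field, the function names and the sample papers are hypothetical and constructed.

```python
import hashlib
import tempfile
from pathlib import Path

# Constructed sample data: two distinct papers that share one title.
PAPERS = [
    {"entry_id": "http://arxiv.org/abs/0000.00001v1", "title": "A Survey", "pdf": b"%PDF paper one"},
    {"entry_id": "http://arxiv.org/abs/0000.00002v1", "title": "A Survey", "pdf": b"%PDF paper two"},
]

def title_hash_name(paper):
    """Weak pattern (assumed): the filename depends only on the title."""
    return hashlib.md5(paper["title"].encode("utf-8")).hexdigest() + ".pdf"

def unique_name(paper):
    """Hardened pattern: hash a unique per-paper identifier and the content."""
    h = hashlib.sha256()
    h.update(paper["entry_id"].encode("utf-8"))
    h.update(b"\0")  # separator so identifier and content cannot run together
    h.update(paper["pdf"])
    return h.hexdigest() + ".pdf"

def download_all(papers, namer, out_dir):
    """Write each paper; return (names on disk, names that were overwritten)."""
    out = Path(out_dir)
    overwritten = []
    for paper in papers:
        target = out / namer(paper)
        if target.exists():
            # An earlier paper already holds this name and is about to be lost.
            overwritten.append(target.name)
        target.write_bytes(paper["pdf"])
    return sorted(p.name for p in out.iterdir()), overwritten

def run(namer):
    """Run the download loop in a throwaway directory with the given namer."""
    with tempfile.TemporaryDirectory() as tmp:
        return download_all(PAPERS, namer, tmp)

if __name__ == "__main__":
    for namer in (title_hash_name, unique_name):
        files, lost = run(namer)
        print(f"{namer.__name__}: {len(files)} file(s) kept, {len(lost)} overwrite(s)")
```

The same `target.exists()` check can serve as a guard in an ingestion pipeline: log or reject the write instead of silently replacing an earlier document.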
Affected Products
Llama Index