CVE-2025-3044

Published Jul 7, 2025

Last updated 10 days ago

CVSS medium 5.3

Overview

Description
A vulnerability in the ArxivReader class of the run-llama/llama_index repository, versions up to v0.12.22.post1, allows for MD5 hash collisions when generating filenames for downloaded papers. This can lead to data loss as papers with identical titles but different contents may overwrite each other, preventing some papers from being processed for AI model training. The issue is resolved in version 0.12.28.
Source
security@huntr.dev
NVD status
Awaiting Analysis

Risk scores

CVSS 3.0

Type
Secondary
Base score
5.3
Impact score
1.4
Exploitability score
3.9
Vector string
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Severity
MEDIUM

Weaknesses

security@huntr.dev
CWE-440

Social media

Hype score
Not currently trending

  1. CVE-2025-3044 A vulnerability in the ArxivReader class of the run-llama/llama_index repository, versions up to v0.12.22.post1, allows for MD5 hash collisions when generating filename… https://t.co/RRhH67TQIp

    @CVEnew

    7 Jul 2025

    494 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.