- Description
- A vulnerability in the ObsidianReader class of the run-llama/llama_index repository, specifically in version 0.12.27, allows for hardlink-based path traversal. This flaw permits attackers to bypass path restrictions and access sensitive system files, such as /etc/passwd, by exploiting hardlinks. The vulnerability arises from inadequate handling of hardlinks in the load_data() method, where the security checks fail to differentiate between real files and hardlinks. This issue is resolved in version 0.5.2.
- Source
- security@huntr.dev
- NVD status
- Awaiting Analysis
CVSS 3.0
- Type
- Secondary
- Base score
- 6.2
- Impact score
- 3.6
- Exploitability score
- 2.5
- Vector string
- CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- Severity
- MEDIUM
- security@huntr.dev
- CWE-22
- Hype score
- Not currently trending
CVE-2025-6210 Path Traversal in LlamaIndex ObsidianReader via Hardlink Exploitation https://t.co/yiCnZ3EZgI
@VulmonFeeds
7 Jul 2025
35 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-6210 A vulnerability in the ObsidianReader class of the run-llama/llama_index repository, specifically in version 0.12.27, allows for hardlink-based path traversal. This fla… https://t.co/8YUT5MsZEl
@CVEnew
7 Jul 2025
375 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes