CVE-2025-3044

A vulnerability in the ArxivReader class of the run-llama/llama_index repository, versions up to v0.12.22.post1, allows for MD5 hash collisions when generating filenames for downloaded papers. This can lead to data loss as papers with identical titles but different contents may overwrite each other, preventing some papers from being processed for AI model training. The issue is resolved in version 0.12.28.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/run-llama/llama_index/commit/0008041e8dde8e519621388e5d6f558bde6ef42e
https://huntr.com/bounties/80182c3a-876f-422f-8bac-38267e0345d6
https://huntr.com/bounties/80182c3a-876f-422f-8bac-38267e0345d6

Configurations

No configuration.

History

08 Jul 2025, 16:18

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-07 10:15

Updated : 2025-07-08 16:18

NVD link : CVE-2025-3044

Mitre link : CVE-2025-3044

CVE.ORG link : CVE-2025-3044

JSON object : View

Products Affected

No product.

CWE

CWE-440

Expected Behavior Violation

5.3 /10