CVE-2025-3046

A vulnerability in the `ObsidianReader` class of the run-llama/llama_index repository, versions 0.12.23 to 0.12.28, allows for arbitrary file read through symbolic links. The `ObsidianReader` fails to resolve symlinks to their real paths and does not validate whether the resolved paths lie within the intended directory. This flaw enables attackers to place symlinks pointing to files outside the vault directory, which are then processed as valid Markdown files, potentially exposing sensitive information.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/run-llama/llama_index/commit/0008041e8dde8e519621388e5d6f558bde6ef42e
https://huntr.com/bounties/90a1f1b2-bb82-4d66-9fc1-856ed5f904da
https://huntr.com/bounties/90a1f1b2-bb82-4d66-9fc1-856ed5f904da

Configurations

No configuration.

History

08 Jul 2025, 16:18

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-07 10:15

Updated : 2025-07-08 16:18

NVD link : CVE-2025-3046

Mitre link : CVE-2025-3046

CVE.ORG link : CVE-2025-3046

JSON object : View

Products Affected

No product.

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2025-3046", "cveTags": [], "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "security@huntr.dev", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2025-07-07T10:15:26.900", "references": [{"url": "https://github.com/run-llama/llama_index/commit/0008041e8dde8e519621388e5d6f558bde6ef42e", "source": "security@huntr.dev"}, {"url": "https://huntr.com/bounties/90a1f1b2-bb82-4d66-9fc1-856ed5f904da", "source": "security@huntr.dev"}, {"url": "https://huntr.com/bounties/90a1f1b2-bb82-4d66-9fc1-856ed5f904da", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "security@huntr.dev", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the `ObsidianReader` class of the run-llama/llama_index repository, versions 0.12.23 to 0.12.28, allows for arbitrary file read through symbolic links. The `ObsidianReader` fails to resolve symlinks to their real paths and does not validate whether the resolved paths lie within the intended directory. This flaw enables attackers to place symlinks pointing to files outside the vault directory, which are then processed as valid Markdown files, potentially exposing sensitive information."}, {"lang": "es", "value": "Una vulnerabilidad en la clase `ObsidianReader` del repositorio run-llama/llama_index, versiones 0.12.23 a 0.12.28, permite la lectura arbitraria de archivos mediante enlaces simb\u00f3licos. `ObsidianReader` no resuelve los enlaces simb\u00f3licos a sus rutas reales ni valida si las rutas resueltas se encuentran dentro del directorio deseado. Esta falla permite a los atacantes colocar enlaces simb\u00f3licos que apuntan a archivos fuera del directorio de la b\u00f3veda, que se procesan como archivos Markdown v\u00e1lidos, lo que podr\u00eda exponer informaci\u00f3n confidencial."}], "lastModified": "2025-07-08T16:18:34.923", "sourceIdentifier": "security@huntr.dev"}