cvedb.io
CVE-2025-6210
MEDIUM · CVSS 6.2
EPSS exploitation probability: 0%
Published 2025-07-07T10:15:29.040 · Last modified 2026-06-17T10:01:23.527

Summary

A vulnerability in the ObsidianReader class of the run-llama/llama_index repository, specifically in version 0.12.27, allows for hardlink-based path traversal. This flaw permits attackers to bypass path restrictions and access sensitive system files, such as /etc/passwd, by exploiting hardlinks. The vulnerability arises from inadequate handling of hardlinks in the load_data() method, where the security checks fail to differentiate between real files and hardlinks. This issue is resolved in version 0.5.2.

Affected products

llamaindex — llamaindex

Does this affect you?

Add your gear to cvedb and we'll alert you only when llamaindex ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.