{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-3046", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "state": "PUBLISHED", "assignerShortName": "@huntr_ai", "dateReserved": "2025-03-31T12:36:26.873Z", "datePublished": "2025-07-07T09:54:50.409Z", "dateUpdated": "2025-07-07T14:00:59.560Z"}, "containers": {"cna": {"title": "Path Traversal via Symbolic Links in run-llama/llama_index", "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2025-07-07T09:54:50.409Z"}, "descriptions": [{"lang": "en", "value": "A vulnerability in the `ObsidianReader` class of the run-llama/llama_index repository, versions 0.12.23 to 0.12.28, allows for arbitrary file read through symbolic links. The `ObsidianReader` fails to resolve symlinks to their real paths and does not validate whether the resolved paths lie within the intended directory. This flaw enables attackers to place symlinks pointing to files outside the vault directory, which are then processed as valid Markdown files, potentially exposing sensitive information."}], "affected": [{"vendor": "run-llama", "product": "run-llama/llama_index", "versions": [{"version": "unspecified", "lessThan": "0.12.28", "status": "affected", "versionType": "custom"}]}], "references": [{"url": "https://huntr.com/bounties/90a1f1b2-bb82-4d66-9fc1-856ed5f904da"}, {"url": "https://github.com/run-llama/llama_index/commit/0008041e8dde8e519621388e5d6f558bde6ef42e"}], "metrics": [{"cvssV3_0": {"version": "3.0", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 7.5, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "cweId": "CWE-22"}]}], "source": {"advisory": "90a1f1b2-bb82-4d66-9fc1-856ed5f904da", "discovery": "EXTERNAL"}}, "adp": [{"references": [{"url": "https://huntr.com/bounties/90a1f1b2-bb82-4d66-9fc1-856ed5f904da", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-07-07T14:00:57.168137Z", "id": "CVE-2025-3046", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-07T14:00:59.560Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-3046", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-07-07T14:00:57.168137Z"}}}], "references": [{"url": "https://huntr.com/bounties/90a1f1b2-bb82-4d66-9fc1-856ed5f904da", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-07T14:00:47.025Z"}}], "cna": {"title": "Path Traversal via Symbolic Links in run-llama/llama_index", "source": {"advisory": "90a1f1b2-bb82-4d66-9fc1-856ed5f904da", "discovery": "EXTERNAL"}, "metrics": [{"cvssV3_0": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "run-llama", "product": "run-llama/llama_index", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "0.12.28", "versionType": "custom"}]}], "references": [{"url": "https://huntr.com/bounties/90a1f1b2-bb82-4d66-9fc1-856ed5f904da"}, {"url": "https://github.com/run-llama/llama_index/commit/0008041e8dde8e519621388e5d6f558bde6ef42e"}], "descriptions": [{"lang": "en", "value": "A vulnerability in the `ObsidianReader` class of the run-llama/llama_index repository, versions 0.12.23 to 0.12.28, allows for arbitrary file read through symbolic links. The `ObsidianReader` fails to resolve symlinks to their real paths and does not validate whether the resolved paths lie within the intended directory. This flaw enables attackers to place symlinks pointing to files outside the vault directory, which are then processed as valid Markdown files, potentially exposing sensitive information."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2025-07-07T09:54:50.409Z"}}}, "cveMetadata": {"cveId": "CVE-2025-3046", "state": "PUBLISHED", "dateUpdated": "2025-07-07T14:00:59.560Z", "dateReserved": "2025-03-31T12:36:26.873Z", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "datePublished": "2025-07-07T09:54:50.409Z", "assignerShortName": "@huntr_ai"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:llamaindex:llamaindex:*:*:*:*:*:*:*:*", "matchCriteriaId": "DC6D74C2-CA67-413D-B1FF-888E26FF992E", "versionEndExcluding": "0.12.28", "versionStartIncluding": "0.12.23", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in the `ObsidianReader` class of the run-llama/llama_index repository, versions 0.12.23 to 0.12.28, allows for arbitrary file read through symbolic links. The `ObsidianReader` fails to resolve symlinks to their real paths and does not validate whether the resolved paths lie within the intended directory. This flaw enables attackers to place symlinks pointing to files outside the vault directory, which are then processed as valid Markdown files, potentially exposing sensitive information."}, {"lang": "es", "value": "Una vulnerabilidad en la clase `ObsidianReader` del repositorio run-llama/llama_index, versiones 0.12.23 a 0.12.28, permite la lectura arbitraria de archivos mediante enlaces simb\u00f3licos. `ObsidianReader` no resuelve los enlaces simb\u00f3licos a sus rutas reales ni valida si las rutas resueltas se encuentran dentro del directorio deseado. Esta falla permite a los atacantes colocar enlaces simb\u00f3licos que apuntan a archivos fuera del directorio de la b\u00f3veda, que se procesan como archivos Markdown v\u00e1lidos, lo que podr\u00eda exponer informaci\u00f3n confidencial."}], "id": "CVE-2025-3046", "lastModified": "2025-07-30T21:25:03.810", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security@huntr.dev", "type": "Secondary"}]}, "published": "2025-07-07T10:15:26.900", "references": [{"source": "security@huntr.dev", "tags": ["Patch"], "url": "https://github.com/run-llama/llama_index/commit/0008041e8dde8e519621388e5d6f558bde6ef42e"}, {"source": "security@huntr.dev", "tags": ["Exploit", "Third Party Advisory"], "url": "https://huntr.com/bounties/90a1f1b2-bb82-4d66-9fc1-856ed5f904da"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Third Party Advisory"], "url": "https://huntr.com/bounties/90a1f1b2-bb82-4d66-9fc1-856ed5f904da"}], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "security@huntr.dev", "type": "Secondary"}]}

{"bugzilla": {"description": "llama-index: Path Traversal llama_index", "id": "2376772", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2376772"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "status": "draft"}, "cwe": "CWE-22", "details": ["A vulnerability in the `ObsidianReader` class of the run-llama/llama_index repository, versions 0.12.23 to 0.12.28, allows for arbitrary file read through symbolic links. The `ObsidianReader` fails to resolve symlinks to their real paths and does not validate whether the resolved paths lie within the intended directory. This flaw enables attackers to place symlinks pointing to files outside the vault directory, which are then processed as valid Markdown files, potentially exposing sensitive information."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2025-3046", "package_state": [{"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Fix deferred", "package_name": "ansible-automation-platform-24/de-minimal-rhel8", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Fix deferred", "package_name": "ansible-automation-platform-24/de-minimal-rhel9", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Fix deferred", "package_name": "ansible-automation-platform-25/de-minimal-rhel8", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Fix deferred", "package_name": "ansible-automation-platform-25/de-minimal-rhel9", "product_name": "Red Hat Ansible Automation Platform 2"}], "public_date": "2025-07-07T09:54:50Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-3046\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-3046\nhttps://github.com/run-llama/llama_index/commit/0008041e8dde8e519621388e5d6f558bde6ef42e\nhttps://huntr.com/bounties/90a1f1b2-bb82-4d66-9fc1-856ed5f904da"], "statement": "On RedHat systems most users are not given access to sensitive files. A compromised process using llama index will not have access to general system secrets unless it has been given greater permission than it should have.", "threat_severity": "Moderate"}