CVE-2025-3046

Опубликовано: 07 июл. 2025

Источник: redhat

CVSS3: 5.3

EPSS Низкий

Описание

A vulnerability in the ObsidianReader class of the run-llama/llama_index repository, versions 0.12.23 to 0.12.28, allows for arbitrary file read through symbolic links. The ObsidianReader fails to resolve symlinks to their real paths and does not validate whether the resolved paths lie within the intended directory. This flaw enables attackers to place symlinks pointing to files outside the vault directory, which are then processed as valid Markdown files, potentially exposing sensitive information.

Отчет

On RedHat systems most users are not given access to sensitive files. A compromised process using llama index will not have access to general system secrets unless it has been given greater permission than it should have.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Ansible Automation Platform 2	ansible-automation-platform-24/de-minimal-rhel8	Fix deferred
Red Hat Ansible Automation Platform 2	ansible-automation-platform-24/de-minimal-rhel9	Fix deferred
Red Hat Ansible Automation Platform 2	ansible-automation-platform-25/de-minimal-rhel8	Fix deferred
Red Hat Ansible Automation Platform 2	ansible-automation-platform-25/de-minimal-rhel9	Fix deferred

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-22

https://bugzilla.redhat.com/show_bug.cgi?id=2376772llama-index: Path Traversal llama_index

EPSS

Процентиль: 27%

0.0009

Низкий

5.3 Medium

CVSS3

Связанные уязвимости

CVE-2025-3046

CVSS3: 7.5

nvd

2 месяца назад

A vulnerability in the `ObsidianReader` class of the run-llama/llama_index repository, versions 0.12.23 to 0.12.28, allows for arbitrary file read through symbolic links. The `ObsidianReader` fails to resolve symlinks to their real paths and does not validate whether the resolved paths lie within the intended directory. This flaw enables attackers to place symlinks pointing to files outside the vault directory, which are then processed as valid Markdown files, potentially exposing sensitive information.

GHSA-fmrf-6jv9-qjc7