Lucene search
+L

5 matches found

redhatcve
redhatcve
added 2025/07/07 7:13 p.m.6 views

CVE-2025-6209

A path traversal vulnerability was found in run-llama/llamaindex. This vulnerability allows an attacker to manipulate the imagepath input to read files on the server. File access is limited to those files that the running process has permission to read. Mitigation Mitigation for this issue is...

7.5CVSS7.2AI score0.00545EPSS
Exploits1References5
circl
circl
added 2025/07/07 3:47 p.m.10 views

CVE-2025-6209

creationtimestamp| type| source ---|---|--- 2025-07-07 15:47:06+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3ltf52razbk2m...

7.5CVSS7.1AI score0.00545EPSS
Exploits1References1
vulnersosv
vulnersosv
added 2025/07/07 12:44 p.m.4 views

aider-chat (=0.43.0), aimon-llamaindex (>=0.0.6 <=0.0.9) +686 more potentially affected by CVE-2025-6209 via llama-index-core (>=0.10.0 <=0.12.39)

llama-index-core PYPI version =0.10.0, =0.0.6, =1.1.0, =3.0.0, =1.7.0, =1.0.0, =0.0.3, =0.2.1, =0.2.1.dev0, =0.1.3, =0.1.169, =0.1.0, =0.3.0, =0.1.0, =0.4.0.dev2 and more Source cves: CVE-2025-6209 Source advisory: SNYK:PYTHON-LLAMAINDEXCORE-10648998...

7.5CVSS7AI score0.00545EPSS
Exploits1
cve
cve
added 2025/07/07 12:21 p.m.42 views

CVE-2025-6209

CVE-2025-6209: Path traversal in run-llama/llama_index affects versions 0.12.27–0.12.40, in encode_image() of generic_utils.py, allowing reading arbitrary server files via image_path input. Root cause is insufficient path validation/sanitization. Fixed in 0.12.41; remediation is upgrade to 0.12.4...

7.5CVSS7.4AI score0.00545EPSS
Exploits1References2Affected Software1
vulnrichment
vulnrichment
added 2025/07/07 12:21 p.m.2 views

CVE-2025-6209 Arbitrary File Read through Path Traversal in run-llama/llama_index

A path traversal vulnerability exists in run-llama/llamaindex versions 0.12.27 through 0.12.40, specifically within the encodeimage function in genericutils.py. This vulnerability allows an attacker to manipulate the imagepath input to read arbitrary files on the server, including sensitive syste...

7.5CVSS6.9AI score0.00545EPSS
Exploits1References2
Rows per page
Query Builder