5 matches found
CVE-2025-6209
A path traversal vulnerability was found in run-llama/llamaindex. This vulnerability allows an attacker to manipulate the imagepath input to read files on the server. File access is limited to those files that the running process has permission to read. Mitigation Mitigation for this issue is...
CVE-2025-6209
creationtimestamp| type| source ---|---|--- 2025-07-07 15:47:06+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3ltf52razbk2m...
aider-chat (=0.43.0), aimon-llamaindex (>=0.0.6 <=0.0.9) +686 more potentially affected by CVE-2025-6209 via llama-index-core (>=0.10.0 <=0.12.39)
llama-index-core PYPI version =0.10.0, =0.0.6, =1.1.0, =3.0.0, =1.7.0, =1.0.0, =0.0.3, =0.2.1, =0.2.1.dev0, =0.1.3, =0.1.169, =0.1.0, =0.3.0, =0.1.0, =0.4.0.dev2 and more Source cves: CVE-2025-6209 Source advisory: SNYK:PYTHON-LLAMAINDEXCORE-10648998...
CVE-2025-6209
CVE-2025-6209: Path traversal in run-llama/llama_index affects versions 0.12.27–0.12.40, in encode_image() of generic_utils.py, allowing reading arbitrary server files via image_path input. Root cause is insufficient path validation/sanitization. Fixed in 0.12.41; remediation is upgrade to 0.12.4...
CVE-2025-6209 Arbitrary File Read through Path Traversal in run-llama/llama_index
A path traversal vulnerability exists in run-llama/llamaindex versions 0.12.27 through 0.12.40, specifically within the encodeimage function in genericutils.py. This vulnerability allows an attacker to manipulate the imagepath input to read arbitrary files on the server, including sensitive syste...