CVE-2025-7707 World-Writable NLTK Cache Directory Vulnerability in run-llama/llama_index

The llamaindex library version 0.12.33 sets the NLTK data directory to a subdirectory of the codebase by default, which is world-writable in multi-user environments. This configuration allows local users to overwrite, delete, or corrupt NLTK data files, leading to potential denial of service, dat...

PT-2025-41794

Name of the Vulnerable Software and Affected Versions llama index version 0.12.33 Description The software sets the NLTK data directory to a subdirectory of the codebase by default, which is world-writable in multi-user environments. This configuration allows local users to overwrite, delete, or...