CVE-2025-3046

{"id": "CVE-2025-3046", "cveTags": [], "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "security@huntr.dev", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2025-07-07T10:15:26.900", "references": [{"url": "https://github.com/run-llama/llama_index/commit/0008041e8dde8e519621388e5d6f558bde6ef42e", "tags": ["Patch"], "source": "security@huntr.dev"}, {"url": "https://huntr.com/bounties/90a1f1b2-bb82-4d66-9fc1-856ed5f904da", "tags": ["Exploit", "Third Party Advisory"], "source": "security@huntr.dev"}, {"url": "https://huntr.com/bounties/90a1f1b2-bb82-4d66-9fc1-856ed5f904da", "tags": ["Exploit", "Third Party Advisory"], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security@huntr.dev", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the `ObsidianReader` class of the run-llama/llama_index repository, versions 0.12.23 to 0.12.28, allows for arbitrary file read through symbolic links. The `ObsidianReader` fails to resolve symlinks to their real paths and does not validate whether the resolved paths lie within the intended directory. This flaw enables attackers to place symlinks pointing to files outside the vault directory, which are then processed as valid Markdown files, potentially exposing sensitive information."}, {"lang": "es", "value": "Una vulnerabilidad en la clase `ObsidianReader` del repositorio run-llama/llama_index, versiones 0.12.23 a 0.12.28, permite la lectura arbitraria de archivos mediante enlaces simb\u00f3licos. `ObsidianReader` no resuelve los enlaces simb\u00f3licos a sus rutas reales ni valida si las rutas resueltas se encuentran dentro del directorio deseado. Esta falla permite a los atacantes colocar enlaces simb\u00f3licos que apuntan a archivos fuera del directorio de la b\u00f3veda, que se procesan como archivos Markdown v\u00e1lidos, lo que podr\u00eda exponer informaci\u00f3n confidencial."}], "lastModified": "2025-07-30T21:25:03.810", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:llamaindex:llamaindex:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DC6D74C2-CA67-413D-B1FF-888E26FF992E", "versionEndExcluding": "0.12.28", "versionStartIncluding": "0.12.23"}], "operator": "OR"}]}], "sourceIdentifier": "security@huntr.dev"}