
CVE-2025-3046: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in run-llama run-llama/llama_index

High
Tags: Vulnerability, CVE-2025-3046, cve, cwe-22
Published: Mon Jul 07 2025 (07/07/2025, 09:54:50 UTC)
Source: CVE Database V5
Vendor/Project: run-llama
Product: run-llama/llama_index

Description

A vulnerability in the `ObsidianReader` class of the run-llama/llama_index repository, versions 0.12.23 to 0.12.28, allows for arbitrary file read through symbolic links. The `ObsidianReader` fails to resolve symlinks to their real paths and does not validate whether the resolved paths lie within the intended directory. This flaw enables attackers to place symlinks pointing to files outside the vault directory, which are then processed as valid Markdown files, potentially exposing sensitive information.

AI-Powered Analysis

AI analysis last updated: 07/07/2025, 10:25:44 UTC

Technical Analysis

CVE-2025-3046 is a high-severity path traversal vulnerability (CWE-22) affecting the `ObsidianReader` class in the run-llama/llama_index repository, specifically versions 0.12.23 to 0.12.28. The vulnerability arises because the ObsidianReader fails to properly resolve symbolic links to their canonical paths and does not verify whether these resolved paths remain within the intended vault directory. Attackers can exploit this flaw by creating symbolic links inside the vault directory that point to arbitrary files elsewhere on the filesystem. When the ObsidianReader processes these symlinks as valid Markdown files, it inadvertently exposes the contents of files outside the vault, potentially including sensitive system or user data. The vulnerability requires no authentication or user interaction and can be exploited remotely if an attacker can place or influence symlinks within the vault directory. The CVSS 3.0 score of 7.5 reflects the network attack vector, low complexity, no privileges required, no user interaction, and a high impact on confidentiality, with no impact on integrity or availability. No known exploits are currently reported in the wild, but the vulnerability poses a significant risk to confidentiality due to arbitrary file read capabilities. The lack of patch links suggests that a fix may not yet be publicly available or is pending release.

Potential Impact

For European organizations using run-llama/llama_index versions 0.12.23 to 0.12.28, this vulnerability could lead to unauthorized disclosure of sensitive information stored on affected systems. This includes internal documents, configuration files, credentials, or personally identifiable information (PII) that reside outside the vault directory but are reachable through a symlink placed inside it. Such data breaches could violate GDPR and other data protection regulations, leading to legal penalties and reputational damage. The exposure of sensitive internal files could also facilitate further attacks, such as lateral movement or privilege escalation within the organization’s network. Since the vulnerability does not affect integrity or availability, the primary concern is confidentiality loss. European organizations in sectors with high data sensitivity—such as finance, healthcare, government, and critical infrastructure—are particularly at risk. Additionally, organizations using this library in cloud or containerized environments may face increased exposure if directory permissions are misconfigured, allowing attackers to plant malicious symlinks.

Mitigation Recommendations

1. Immediate mitigation involves upgrading to a fixed version of run-llama/llama_index once available. Until then, organizations should audit and restrict write permissions to the vault directory to trusted users only, preventing unauthorized creation of symbolic links.
2. Implement filesystem monitoring to detect creation of unexpected symlinks within the vault directory.
3. Employ application-level input validation to ensure that any file paths resolved by ObsidianReader are canonicalized and strictly confined within the vault directory boundaries before processing.
4. Use container or OS-level sandboxing to limit the file system scope accessible to the application, reducing the impact of potential exploitation.
5. Conduct regular security reviews and penetration testing focused on path traversal and symlink attacks in environments using this library.
6. If possible, configure the application to run with least privilege, restricting its access to only necessary directories and files.
7. Monitor security advisories from run-llama and related repositories for patches or updates addressing this vulnerability.
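The following is an added illustration (not code from run-llama/llama_index, and not the `ObsidianReader` implementation) of the flaw described in the Technical Analysis and of the canonicalize-and-confine check from recommendation 3. `unsafe_read_vault` mimics a reader that trusts every `*.md` entry it walks over, so a symlink inside the vault that points outside it is read like any other note; `safe_read_vault` resolves each candidate to its real path with `Path.resolve()` and keeps it only if that real path stays under the resolved vault root. The `rejected` list it returns doubles as the audit output recommendation 2 asks for: every symlink whose target escapes the vault. All file names, contents and the temporary vault layout are constructed for the demo.

```python
import os
import tempfile
from pathlib import Path


def is_within(path: Path, root: Path) -> bool:
    """True if `path` (already resolved) is `root` or lies beneath it."""
    try:
        path.relative_to(root)
        return True
    except ValueError:
        return False


def unsafe_read_vault(vault_dir):
    """Constructed stand-in for the flawed behaviour the advisory describes:
    every *.md entry found under the vault is read, symlink or not, so a
    link named notes.md that points at a file outside the vault is returned
    as if it were a normal note.  Returns {relative name: content}."""
    notes = {}
    for dirpath, _dirnames, filenames in os.walk(vault_dir, followlinks=False):
        for name in filenames:
            if name.endswith(".md"):
                candidate = Path(dirpath) / name
                # read_text() follows the symlink to wherever it points
                notes[str(candidate.relative_to(vault_dir))] = candidate.read_text()
    return notes


def safe_read_vault(vault_dir):
    """Hardened walk: resolve each candidate (following symlinks) and accept it
    only if the real path is inside the real vault directory.
    Returns (notes, rejected): notes is {relative name: content} for accepted
    entries; rejected lists (relative name, resolved target) for escaping or
    broken entries, which is what a symlink audit should report."""
    vault = Path(vault_dir).resolve(strict=True)
    notes, rejected = {}, []
    for dirpath, _dirnames, filenames in os.walk(vault_dir, followlinks=False):
        for name in filenames:
            if not name.endswith(".md"):
                continue
            candidate = Path(dirpath) / name
            rel = str(candidate.relative_to(vault_dir))
            real = candidate.resolve()
            # reject dangling links and anything that is not a regular file
            if not real.is_file() or not is_within(real, vault):
                rejected.append((rel, str(real)))
                continue
            notes[rel] = real.read_text()
    return notes, sorted(rejected)


def build_demo_vault():
    """Constructs a throwaway vault: one real note, one symlink to a note inside
    the vault (legitimate), one symlink escaping to a file outside the vault."""
    base = Path(tempfile.mkdtemp(prefix="vault_demo_"))
    vault = base / "vault"
    outside = base / "outside"
    vault.mkdir()
    outside.mkdir()
    (vault / "real.md").write_text("# real note\n")
    (outside / "secret.txt").write_text("CONSTRUCTED-SECRET\n")
    os.symlink(vault / "real.md", vault / "alias.md")        # stays inside
    os.symlink(outside / "secret.txt", vault / "escape.md")  # escapes the vault
    return vault


if __name__ == "__main__":
    demo = build_demo_vault()
    print("unsafe reader returned:", sorted(unsafe_read_vault(demo)))
    accepted, escaped = safe_read_vault(demo)
    print("safe reader accepted:", sorted(accepted))
    print("safe reader rejected:", escaped)
```

Resolving both the vault root and each candidate matters: on systems where the vault itself sits behind a symlink (for example a temp directory on macOS), comparing an unresolved root against resolved candidates would reject everything, while comparing unresolved paths on both sides would accept the escaping link.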


Technical Details

Data Version
5.1
Assigner Short Name
@huntr_ai
Date Reserved
2025-03-31T12:36:26.873Z
Cvss Version
3.0
State
PUBLISHED

Threat ID: 686b9cd16f40f0eb72e2e231

Added to database: 7/7/2025, 10:09:21 AM

Last enriched: 7/7/2025, 10:25:44 AM

Last updated: 8/3/2025, 12:37:28 AM

