CVE-2025-6209 is a path traversal vulnerability identified in the run-llama project's component llama_index, specifically affecting versions 0.12.27 through 0.12.40. The vulnerability resides in the encode_image function within the generic_utils.py file. The root cause is insufficient validation or sanitization of the image_path input parameter, which allows an attacker to craft a path containing traversal sequences such as "\..\filename". This manipulation enables unauthorized reading of arbitrary files on the server, including sensitive system files outside the intended directory scope. The vulnerability does not require any authentication or user interaction and can be exploited remotely over the network. The CVSS v3.0 base score is 7.5, indicating a high severity level, with an attack vector of network (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), unchanged scope (S:U), high confidentiality impact (C:H), and no impact on integrity or availability (I:N/A:N). The vulnerability has been addressed and fixed in version 0.12.41 of the run-llama/llama_index package. There are no known exploits in the wild at the time of publication, but the ease of exploitation and high confidentiality impact make it a significant risk if left unpatched.

For European organizations using the run-llama/llama_index library versions 0.12.27 through 0.12.40, this vulnerability poses a serious risk to the confidentiality of sensitive data. Attackers exploiting this flaw can read arbitrary files on affected servers, potentially exposing credentials, configuration files, intellectual property, or personal data protected under GDPR. This could lead to data breaches, regulatory fines, reputational damage, and loss of customer trust. Since the vulnerability does not affect integrity or availability, the primary concern is unauthorized data disclosure. Organizations relying on run-llama for AI or machine learning workloads that process images or files are particularly at risk. The vulnerability's network accessibility and lack of authentication requirements increase the likelihood of exploitation, especially in internet-facing deployments or environments with insufficient network segmentation. Given the sensitivity of data handled by many European enterprises and strict data protection regulations, the impact could be substantial if exploited.

European organizations should immediately upgrade run-llama/llama_index to version 0.12.41 or later, where the vulnerability is fixed. Until the upgrade is applied, organizations should implement strict input validation and sanitization on all user-supplied file paths to prevent path traversal sequences. Employ application-layer firewalls or web application firewalls (WAFs) with custom rules to detect and block suspicious path traversal patterns in requests. Restrict file system permissions so that the application process has access only to necessary directories and files, minimizing exposure if exploitation occurs. Conduct thorough code reviews and static analysis on any custom code interacting with file paths to ensure no similar vulnerabilities exist. Monitor logs for unusual file access patterns or errors that could indicate attempted exploitation. Finally, ensure network segmentation and limit exposure of vulnerable services to trusted internal networks when possible to reduce attack surface.