CVE-2025-6210: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in run-llama run-llama/llama_index
A vulnerability in the ObsidianReader class of the run-llama/llama_index repository, specifically in version 0.12.27, allows for hardlink-based path traversal. This flaw permits attackers to bypass path restrictions and access sensitive system files, such as /etc/passwd, by exploiting hardlinks. The vulnerability arises from inadequate handling of hardlinks in the load_data() method, where the security checks fail to differentiate between real files and hardlinks. This issue is resolved in version 0.5.2.
AI Analysis
Technical Summary
CVE-2025-6210 is a path traversal weakness (CWE-22) in the ObsidianReader class of run-llama/llama_index, reported against version 0.12.27. ObsidianReader.load_data() walks an Obsidian vault directory and is meant to read only files inside it, but its containment check operates on the path alone. A path-based check of this kind (typically canonicalising the candidate and confirming it sits under the vault) defeats symlinks, because a symlink canonicalises to its target. A hardlink is different: it is a second directory entry for the same inode, not a redirection, so a hardlink created inside the vault canonicalises to a path inside the vault and passes the check while its contents are those of a file outside it. The reader therefore ingests that file into the document set, which is how an attacker who can place a hardlink in a vault loaded by a more privileged process gets the contents of a file such as /etc/passwd into the index. The CVSS v3.0 vector is local (AV:L) with no privileges or user interaction required (PR:N/UI:N), high confidentiality impact and no integrity or availability impact, giving a score of 6.2 (medium). Two practical preconditions apply. First, a hardlink must be created on the same filesystem as its target. Second, on Linux the fs.protected_hardlinks sysctl (enabled on most systemd-based distributions) only allows a user to hardlink files they own or can both read and write, so a root-owned, read-only file such as /etc/passwd cannot be hardlinked by an unprivileged local user unless that protection is disabled; the attack then needs a target file that the attacker can link but only the reader's account can read. The fix is stated as version 0.5.2; that number belongs to the separately versioned reader package in which ObsidianReader ships, not to the 0.12.x core release, and the affected range is not fully specified. No exploits in the wild were reported as of publication.
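The following is an added, self-contained demonstration and is not code from llama_index or from the advisory. It builds a throwaway vault in a temporary directory, places a constructed stand-in for /etc/passwd outside it, and adds both a hardlink and a symlink to that file inside the vault. A path-only containment check (read_note_naive, a hypothetical name) rejects the symlink but accepts the hardlink; a check that also fstat()s the opened descriptor and refuses regular files with more than one name (read_note_hardened, also hypothetical) rejects both. The hardening shown is one reasonable approach, not a claim about how the upstream fix is written.

```python
"""Constructed demonstration (not llama_index code) of why a path-only
containment check accepts a hardlink, and one way to harden the read."""
from __future__ import annotations

import os
import shutil
import stat
import tempfile
from pathlib import Path


def _contained(vault: Path, candidate: Path) -> bool:
    """True when the canonical path of `candidate` lies under `vault`.
    resolve() follows symlinks, but a hardlink is an ordinary directory
    entry for the same inode, so it canonicalises to itself."""
    vault_real = vault.resolve()
    cand_real = candidate.resolve()
    return cand_real == vault_real or vault_real in cand_real.parents


def read_note_naive(vault: Path, candidate: Path) -> str | None:
    """Path-only check: passes for any hardlink placed inside the vault."""
    if not _contained(vault, candidate):
        return None
    return candidate.read_text(encoding="utf-8")


def read_note_hardened(vault: Path, candidate: Path) -> str | None:
    """Path check plus an inode check on the opened descriptor: refuse
    anything that is not a regular file with exactly one name.
    Using fstat on the open fd avoids a check-then-open race."""
    if not _contained(vault, candidate):
        return None
    flags = os.O_RDONLY | getattr(os, "O_NOFOLLOW", 0)
    try:
        fd = os.open(candidate, flags)
    except OSError:  # e.g. ELOOP when candidate is a symlink
        return None
    with os.fdopen(fd, "r", encoding="utf-8") as f:
        st = os.fstat(f.fileno())
        if not stat.S_ISREG(st.st_mode) or st.st_nlink != 1:
            return None
        return f.read()


def load_vault(vault: Path, reader) -> dict[str, str]:
    """Walk the vault the way a note reader would; keep what `reader` allows."""
    notes: dict[str, str] = {}
    for path in sorted(vault.rglob("*.md")):
        text = reader(vault, path)
        if text is not None:
            notes[str(path.relative_to(vault))] = text
    return notes


def demo() -> dict[str, dict[str, str]]:
    """Build a vault, a secret outside it, and a hardlink plus a symlink
    to the secret inside it; return what each reader variant ingests."""
    root = Path(tempfile.mkdtemp(prefix="vault-demo-"))
    try:
        vault = root / "vault"
        vault.mkdir()
        (vault / "note.md").write_text("# real note\n", encoding="utf-8")
        secret = root / "outside" / "passwd"
        secret.parent.mkdir()
        # Constructed stand-in for /etc/passwd, kept on the same filesystem
        # as the vault so that os.link() is permitted.
        secret.write_text("root:x:0:0:root:/root:/bin/bash\n", encoding="utf-8")
        os.link(secret, vault / "leak.md")    # hardlink: the bypass
        os.symlink(secret, vault / "sym.md")  # symlink: caught by resolve()
        return {
            "naive": load_vault(vault, read_note_naive),
            "hardened": load_vault(vault, read_note_hardened),
        }
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    for name, notes in demo().items():
        print(name, sorted(notes))
```

Rejecting every file with st_nlink greater than one is deliberately blunt: it also drops legitimate notes that happen to be hardlinked (some backup and deduplication tools create those), which is the trade-off for not being able to tell, from the path, which name of a shared inode is being evaluated.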
Potential Impact
For European organizations, the risk is confined to systems that run the affected ObsidianReader and load vault directories that a less trusted party can write to. /etc/passwd is the advisory's illustration, but it is world-readable on most systems; the damaging case is a privilege boundary, where the reader runs under a service account that can read files the vault author cannot (credentials, configuration, other users' data), and the hardlinked content is ingested into the index and surfaced to anyone who can query it. That pattern appears in shared or multi-tenant note repositories, upload-and-index workflows, CI jobs, and cloud or containerized RAG pipelines that ingest user-supplied directories. The resulting disclosure can aid privilege escalation or lateral movement, and where personal data is exposed it can constitute a breach under GDPR, with the compliance and reputational consequences that entails. Because the attack vector is local, single-user deployments where the vault owner and the reader's account are the same person are largely unaffected.
Mitigation Recommendations
To mitigate this vulnerability, upgrade the reader package in which ObsidianReader ships (llama-index-readers-obsidian on PyPI) to 0.5.2 or later; the fixed version is the reader package's own number, so check that package rather than the 0.12.x core llama-index version. Until that is done, do not load vaults that less trusted users can write to under an account with broader read access than those users, and run ingestion as an unprivileged account that can read nothing beyond the vault itself. Keep fs.protected_hardlinks set to 1 on Linux hosts, and where possible keep each vault on its own filesystem or volume, since hardlinks cannot cross filesystem boundaries. If you wrap the reader, reject regular files whose st_nlink is greater than one before reading them, checking the opened descriptor rather than the path to avoid a check-then-open race. For detection, audit the link and linkat system calls (auditd can record them) and alert on hardlink creation inside ingestion directories. Application-level sandboxing or containerization limits what the reader can reach even if the check is bypassed; code review and static analysis of file-handling and path-validation logic help catch the same class of flaw elsewhere; and an up-to-date software inventory ensures the reader package is patched promptly.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Denmark
Technical Details
- Data Version: 5.1
- Assigner Short Name: @huntr_ai
- Date Reserved: 2025-06-17T17:35:10.416Z
- CVSS Version: 3.0
- State: PUBLISHED
Threat ID: 686b9cd26f40f0eb72e2e270
Added to database: 7/7/2025, 10:09:22 AM
Last enriched: 7/7/2025, 10:25:57 AM
Last updated: 7/7/2025, 10:25:57 AM
Related Threats
CVE-2025-7126: SQL Injection in itsourcecode Employee Management System (Medium)
CVE-2025-7125: SQL Injection in itsourcecode Employee Management System (Medium)
CVE-2025-7124: Unrestricted Upload in code-projects Online Note Sharing (Medium)
CVE-2025-6386: CWE-203 Observable Discrepancy in parisneo parisneo/lollms (High)
CVE-2025-5472: CWE-674 Uncontrolled Recursion in run-llama run-llama/llama_index (Medium)