CVE-2025-6210
📋 TL;DR
This vulnerability in the ObsidianReader class of llama_index allows attackers to bypass path restrictions using hardlinks, potentially accessing sensitive system files like /etc/passwd. It affects users of run-llama/llama_index version 0.12.27 who process untrusted input through the vulnerable load_data() method. The flaw stems from inadequate hardlink handling in security checks.
💻 Affected Systems
- run-llama/llama_index
📦 What is this software?
Llamaindex by Llamaindex
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise through reading sensitive files like SSH keys, password files, or configuration secrets, potentially leading to privilege escalation.
Likely Case
Unauthorized reading of sensitive files within the application's directory or accessible system files, potentially exposing credentials or configuration data.
If Mitigated
Limited impact with proper input validation and file permission restrictions in place.
🎯 Exploit Status
Exploitation requires ability to create hardlinks and provide input to the vulnerable function. The bounty program suggests active research interest.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 0.5.2
Vendor Advisory: https://github.com/run-llama/llama_index/commit/a86c96ae0e662492eeb471b658ae849a93f628ff
Restart Required: Yes
Instructions:
1. Update llama_index to version 0.5.2 or later using pip: pip install "llama_index>=0.5.2" (quote the specifier so the shell does not treat >= as a redirect)
2. Restart any services using llama_index
3. Verify the update with: pip show llama_index
🔧 Temporary Workarounds
Restrict file system permissions
Linux: Limit the application's file system access to prevent traversal outside intended directories.
chmod 700 /path/to/application/directory
setfacl -m u:appuser:rx /path/to/allowed/directories
Input validation and sanitization
All platforms: Implement strict validation of input file paths before processing.
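One way to implement the path validation this workaround calls for, as an added example that is not llama_index's own code: the check resolves the path, keeps it under the vault root, and additionally rejects regular files with more than one link, which is the hardlink case a realpath-only check misses. validate_vault_path, check_entries and demo are assumed names, and the sandbox files are constructed for the demonstration (Python 3.9+).

```python
import os
import tempfile
from pathlib import Path

# Added example, not llama_index project code. A hardlink to a file outside
# the vault resolves to a path that is still inside the root, so the guard
# also inspects the link count of regular files. Names are assumptions.

class UnsafePathError(ValueError):
    """Raised when a vault entry must not be read."""

def validate_vault_path(base_dir: str, candidate: str) -> Path:
    root = Path(base_dir).resolve(strict=True)
    target = (root / candidate).resolve(strict=True)   # follows symlinks
    # Symlink or ../ traversal: the resolved target must stay under the root.
    if not target.is_relative_to(root):
        raise UnsafePathError(f"outside vault root: {candidate}")
    # Hardlink: a regular file with st_nlink > 1 may be an alias of a file
    # elsewhere on the same filesystem, which resolve() cannot detect.
    # Directories are skipped because their link count is normally >= 2.
    if target.is_file() and target.stat().st_nlink > 1:
        raise UnsafePathError(f"hardlinked file rejected: {candidate}")
    return target

def check_entries(base_dir: str, entries: list[str]) -> dict[str, str]:
    """Classify each entry as 'ok' or the name of the rejecting exception."""
    results = {}
    for name in entries:
        try:
            validate_vault_path(base_dir, name)
            results[name] = "ok"
        except (UnsafePathError, FileNotFoundError) as exc:
            results[name] = type(exc).__name__
    return results

def demo() -> dict[str, str]:
    """Constructed sandbox: a vault with a normal note, plus a symlink and a
    hardlink that both point at a file outside the vault."""
    work = Path(tempfile.mkdtemp())
    vault = work / "vault"
    vault.mkdir()
    (vault / "note.md").write_text("# hello\n")
    outside = work / "secret.txt"
    outside.write_text("not for the reader\n")
    os.symlink(outside, vault / "link.md")
    os.link(outside, vault / "alias.md")
    return check_entries(str(vault), ["note.md", "link.md", "alias.md",
                                      "../secret.txt", "missing.md"])
```

Only note.md passes; the symlink and the ../ entry fail the root check, the hardlinked alias fails the link-count check, and a missing entry surfaces as FileNotFoundError rather than being silently skipped.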
🧯 If You Can't Patch
- Implement strict file permission controls and run the application with minimal privileges
- Monitor file system access patterns and audit logs for suspicious hardlink operations
🔍 How to Verify
Check if Vulnerable:
Check if using llama_index version 0.12.27: pip show llama_index | grep Version
Check Version:
pip show llama_index | grep Version
Verify Fix Applied:
Confirm version is 0.5.2 or higher: pip show llama_index | grep Version
📡 Detection & Monitoring
Log Indicators:
- Unusual file access patterns outside application directories
- Multiple failed path validation attempts
- Hardlink creation in application working directories
Network Indicators:
- N/A - local file system vulnerability
SIEM Query:
source="application.logs" AND ("Permission denied" OR "access denied" OR "path traversal")