Login Sign Up

CVE-2025-6211

6.5 MEDIUM

📋 TL;DR

This vulnerability in the run-llama/llama_index library uses MD5 hashing to generate document chunk IDs, causing hash collisions when different chunks have identical text. This leads to data loss, broken document hierarchies, and inaccurate AI responses. Users of llama_index versions up to 0.12.28 who process documents with the DocugamiReader are affected.

💻 Affected Systems

Products:
  • run-llama/llama_index
Versions: Versions up to and including 0.12.28
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems using the DocugamiReader class for document processing.

📦 What is this software?

Llamaindex by Llamaindex

View all CVEs affecting Llamaindex →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Critical document content is permanently lost, legal documents become incomplete or inaccurate, AI systems generate completely hallucinated responses based on corrupted data.

🟠

Likely Case

Some document chunks are overwritten, causing partial data loss and occasional inaccurate AI responses, particularly with repetitive or templated documents.

🟢

If Mitigated

Minor data inconsistencies in non-critical documents with minimal impact on overall system functionality.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires feeding specific document structures to trigger hash collisions, but no authentication or special privileges are needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 0.3.1

Vendor Advisory: https://github.com/run-llama/llama_index/commit/29b2e07e64ed7d302b1cc058185560b28eaa1352

Restart Required: No

Instructions:

1. Update llama_index package: pip install llama_index==0.3.1 2. Verify the update completed successfully 3. Re-process any documents that were previously processed with vulnerable versions

🔧 Temporary Workarounds

Avoid DocugamiReader

all

Temporarily use alternative document readers that don't have this vulnerability

Custom ID Generation

all

Override the ID generation method in DocugamiReader to use a collision-resistant hash function

🧯 If You Can't Patch

  • Implement data validation checks to detect hash collisions in processed documents
  • Maintain backup copies of all source documents before processing with vulnerable versions

🔍 How to Verify

Check if Vulnerable:

Check if using llama_index <= 0.12.28 and if DocugamiReader is used in your codebase

Check Version:

pip show llama_index | grep Version

Verify Fix Applied:

Verify llama_index version is 0.3.1 or higher and test document processing with known collision-triggering content

📡 Detection & Monitoring

Log Indicators:

  • Repeated document chunk IDs in processing logs
  • Missing expected document sections in output

SIEM Query:

Search for application logs containing 'DocugamiReader' AND 'MD5' OR 'hash collision'

📊 Metadata

CVE ID: CVE-2025-6211
CVSS v3 Score: 6.5 (MEDIUM)
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
CWE: CWE-440
EPSS Score: 0.06% exploit probability (19.2th percentile)
Published: July 10, 2025
Last Updated: July 30, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-6211, you might also want to check these:

CVE-2023-4807 7.8

A bug in OpenSSL's POLY1305 MAC implementation on Windows 64-bit systems with AVX512-IFMA capable pr...

Same vulnerability type (CWE-440)
CVE-2024-47762 5.8

Backstage's APP_CONFIG_* environment variables ignore visibility settings defined in configuration s...

Same vulnerability type (CWE-440)
CVE-2025-13940 5.5

This vulnerability in WatchGuard Fireware OS allows attackers to bypass the boot-time system integri...

Same vulnerability type (CWE-440)