CVE-2025-7707
📋 TL;DR
llama_index 0.12.33 sets its NLTK data directory to a world-writable location by default, so any local account on the host can modify, replace or delete the NLTK data files the library loads. The practical consequences are denial of service and data corruption for every user of the application; where the loading code deserializes or executes those files, tampering can also escalate to code execution as the account running llama_index. The issue matters chiefly on shared, multi-user hosts.
💻 Affected Systems
- llama_index
📦 What is this software?
LlamaIndex (the `llama_index` Python package), an open-source data framework for building LLM applications, maintained by LlamaIndex (run-llama on GitHub).
⚠️ Risk & Real-World Impact
Worst Case
Local privilege escalation through manipulation of NLTK data files (only where the application loads attacker-controlled data in a way that executes it), complete denial of service for all users of the application, or data tampering that silently corrupts downstream processing.
Likely Case
Denial of service through deletion or corruption of NLTK data files, disrupting natural language processing functionality for all users on the system.
If Mitigated
Minimal impact when the application runs under a dedicated account, the NLTK data directory is owned by a trusted account and not writable by others, and untrusted users do not share the host.
🎯 Exploit Status
Exploitation requires an account on the same host as the application. No special tooling is needed: ordinary file-system operations (writing, replacing or deleting files in the world-writable directory) are sufficient.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in commit 98816394d57c7f53f847ed7b60725e69d0e7aae4
Vendor Advisory: https://github.com/run-llama/llama_index/commit/98816394d57c7f53f847ed7b60725e69d0e7aae4
Restart Required: Yes. Running Python processes keep the already-imported module and its computed data directory; they pick up the fix only after a restart.
Instructions:
1. Upgrade llama_index to a release that contains commit 98816394d57c7f53f847ed7b60725e69d0e7aae4
2. Run: pip install --upgrade llama_index
3. Restart any process that imports llama_index
4. Verify that the NLTK data directory is now at a user-specific location and is not world-writable
🔧 Temporary Workarounds
Set NLTK_DATA environment variable
Linux: override the default NLTK data directory with a user-specific location. Confirm afterwards that the library honours the override; if it still creates its own directory under the package tree, apply the permission fix below to that directory as well.
export NLTK_DATA=$HOME/.nltk_data
Change directory permissions
Linux: remove write access for other users from the default NLTK data directory and its contents. The directory must be owned by a trusted account (root or the service account); restricting mode bits on a directory owned by an untrusted user achieves nothing, and the change must be reapplied after the package is reinstalled.
chmod 755 /path/to/llama_index/nltk_data
chmod -R o-w /path/to/llama_index/nltk_data
🧯 If You Can't Patch
- Run the application under a dedicated service account on a host without untrusted local users, and keep the NLTK data directory owned by that account
- Monitor and audit the NLTK data directory for writes, deletions and permission changes (for example with an auditd watch rule)
🔍 How to Verify
Check if Vulnerable:
Check whether the installed llama_index version is 0.12.33 and whether the NLTK data directory it uses has the world-write bit (o+w) set
Check Version:
python -c "import llama_index; print(llama_index.__version__)"
Verify Fix Applied:
Verify that the NLTK data directory is now in a user-specific location (e.g. ~/.nltk_data) and is not world-writable; check the mode bits with stat rather than relying on whether your own account can write there
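The permission check above, and the check that the workaround's `chmod` actually took effect, can be scripted. The following is an added example written for this page; it is not code from the llama_index project or from NLTK. It audits every directory NLTK could load data from: the NLTK_DATA variable, `nltk.data.path` if nltk is importable, and any directory whose name contains "nltk" under the installed llama_index package tree (an assumption about where the vulnerable default lives; adjust the name filter if your installed version uses a different one). The decision is made on the directory's own mode bits, so it gives the same answer whether the auditor runs as root or as an unprivileged user.

```python
"""Audit NLTK data directories for world-writable permissions (added example, not project code)."""
import importlib.util
import os
import stat
from typing import Dict, Iterable, List, Optional, Tuple


def is_world_writable(path: str) -> bool:
    """Return True if `path` exists and its mode grants write to 'other' (o+w).

    Uses the mode bits rather than os.access(), so running as root does not
    produce a false "writable" verdict. A sticky bit (mode 1777) still counts:
    other users cannot delete files they do not own, but they can still drop
    new files into the directory that NLTK may later pick up.
    """
    try:
        return bool(os.stat(path).st_mode & stat.S_IWOTH)
    except FileNotFoundError:
        return False


def candidate_nltk_dirs(env: Optional[Dict[str, str]] = None) -> List[str]:
    """Collect directories NLTK could read data from, in priority order.

    Sources, all optional: NLTK_DATA (os.pathsep-separated), nltk.data.path if
    nltk is installed, and directories named like 'nltk*' under the llama_index
    package tree (assumed location of the vulnerable default; adjust as needed).
    """
    env = os.environ if env is None else env
    found: List[str] = []
    if env.get("NLTK_DATA"):
        found.extend(p for p in env["NLTK_DATA"].split(os.pathsep) if p)
    try:
        import nltk  # optional dependency; skipped if absent
        found.extend(nltk.data.path)
    except ImportError:
        pass
    spec = importlib.util.find_spec("llama_index")
    if spec is not None and spec.submodule_search_locations:
        for root in spec.submodule_search_locations:
            for dirpath, dirnames, _ in os.walk(root):
                for d in dirnames:
                    if "nltk" in d.lower():
                        found.append(os.path.join(dirpath, d))
    return list(dict.fromkeys(found))  # de-duplicate while keeping order


def audit(dirs: Iterable[str]) -> List[Tuple[str, str, bool]]:
    """Return (path, octal mode, world_writable) for every directory that exists."""
    rows: List[Tuple[str, str, bool]] = []
    for d in dirs:
        if os.path.isdir(d):
            mode = stat.S_IMODE(os.stat(d).st_mode)
            rows.append((d, oct(mode), is_world_writable(d)))
    return rows


if __name__ == "__main__":
    results = audit(candidate_nltk_dirs())
    for path, mode, bad in results:
        print(f"{'VULNERABLE' if bad else 'ok        '} {mode} {path}")
    # Non-zero exit makes the check usable from CI or a host-hardening job.
    raise SystemExit(1 if any(bad for _, _, bad in results) else 0)
```

Run it before and after applying the upgrade or the `chmod` workaround: a `VULNERABLE` row for a directory under the package tree means the default is still in force (or the permission change did not stick, for example after a reinstall), while a clean run that lists only a user-owned directory such as ~/.nltk_data matches the fixed behaviour described above.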
📡 Detection & Monitoring
Log Indicators:
- Permission or ownership changes on the NLTK data directory
- Unexpected file writes or deletions in the NLTK data directory or elsewhere in the llama_index installation tree, especially by accounts other than the one running the application
Network Indicators:
- None - this is a local file system vulnerability
SIEM Query:
FileSystemEvent where TargetPath contains 'nltk_data' and (Action='Modify' or Action='Delete')