Medium severity6.2NVD Advisory· Published Jul 7, 2025· Updated Jun 17, 2026
CVE-2025-6210
CVE-2025-6210
Description
A vulnerability in the ObsidianReader class of the run-llama/llama_index repository, specifically in version 0.12.27, allows for hardlink-based path traversal. This flaw permits attackers to bypass path restrictions and access sensitive system files, such as /etc/passwd, by exploiting hardlinks. The vulnerability arises from inadequate handling of hardlinks in the load_data() method, where the security checks fail to differentiate between real files and hardlinks. This issue is resolved in version 0.5.2.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
llama-index-readers-obsidianPyPI | < 0.5.2 | 0.5.2 |
Affected products
2- Range: unspecified
Patches
Vulnerability mechanics
References
4- github.com/run-llama/llama_index/commit/a86c96ae0e662492eeb471b658ae849a93f628ffnvdPatchWEB
- huntr.com/bounties/a654b322-a509-4448-a1f5-0f22850b4687nvdExploitThird Party AdvisoryWEB
- github.com/advisories/GHSA-3j8r-jf9w-5cmhghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-6210ghsaADVISORY
News mentions
0No linked articles in our index yet.