VYPR
Moderate severityNVD Advisory· Published Jul 10, 2025· Updated Jul 10, 2025

MD5 Hash Collision in run-llama/llama_index

CVE-2025-6211

Description

A vulnerability in the DocugamiReader class of the run-llama/llama_index repository, up to version 0.12.28, involves the use of MD5 hashing to generate IDs for document chunks. This approach leads to hash collisions when structurally distinct chunks contain identical text, resulting in one chunk overwriting another. This can cause loss of semantically or legally important document content, breakage of parent-child chunk hierarchies, and inaccurate or hallucinated responses in AI outputs. The issue is resolved in version 0.3.1.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
llama-indexPyPI
< 0.12.410.12.41
llama-index-readers-docugamiPyPI
< 0.3.10.3.1

Affected products

4

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.