AI Threat Alert

CVE-2025-3044

GHSA-p7j4-jwjf-5x9w MEDIUM
Published July 7, 2025

A vulnerability in the ArxivReader class of the run-llama/llama_index repository allows for MD5 hash collisions when generating filenames for downloaded papers. This can lead to data loss as papers...

Full analysis pending. Showing NVD description excerpt.

Affected Systems

Package Ecosystem Vulnerable Range Patched
llama-index-readers-papers pip < 0.3.1 0.3.1

Do you use llama-index-readers-papers? You're affected.

Severity & Risk

CVSS 3.1
5.3 / 10
EPSS
0.1%
chance of exploitation in 30 days
KEV Status
Not in KEV
Sophistication
N/A

Recommended Action

Patch available

Update llama-index-readers-papers to version 0.3.1

Compliance Impact

Compliance analysis pending. Sign in for full compliance mapping when available.

Technical Details

NVD Description

A vulnerability in the ArxivReader class of the run-llama/llama_index repository allows for MD5 hash collisions when generating filenames for downloaded papers. This can lead to data loss as papers with identical titles but different contents may overwrite each other, preventing some papers from being processed for AI model training. The issue is resolved in llama-index-readers-papers version 0.3.1 (in llama-index 0.12.28).

Weaknesses (CWE)

CWE-440 Expected Behavior Violation Primary

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

References

Timeline

Published
July 7, 2025
Last Modified
July 8, 2025
First Seen
March 24, 2026
Back to Threat Feed