Vulnerability Description
A vulnerability in the DocugamiReader class of the run-llama/llama_index repository, up to version 0.12.28, involves the use of MD5 hashing to generate IDs for document chunks. This approach leads to hash collisions when structurally distinct chunks contain identical text, resulting in one chunk overwriting another. This can cause loss of semantically or legally important document content, breakage of parent-child chunk hierarchies, and inaccurate or hallucinated responses in AI outputs. The issue is resolved in version 0.3.1.
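The overwrite described above, reproduced as an added example (not code from llama_index or from the patch): chunk IDs derived from text alone collide for two chunks at different positions, while an ID that also covers the chunk's structural position keeps both. The `xpath` field, the sample chunks and the SHA-256 construction are assumptions made for this illustration.

```python
import hashlib

# Constructed sample: two structurally distinct chunks with identical text,
# e.g. the same boilerplate sentence under two different contract sections.
# The "xpath" field name and its values are assumptions made for this example.
CHUNKS = [
    {"xpath": "/doc/section[1]/clause[2]", "text": "This clause survives termination."},
    {"xpath": "/doc/section[4]/clause[1]", "text": "This clause survives termination."},
    {"xpath": "/doc/section[4]/clause[2]", "text": "Governing law: State of Delaware."},
]

def text_only_id(chunk):
    """ID pattern described in the advisory: MD5 over the chunk text alone."""
    return hashlib.md5(chunk["text"].encode("utf-8")).hexdigest()

def structural_id(chunk):
    """ID bound to position and text. Fields are length-prefixed so that
    different (xpath, text) pairs can never serialize to the same bytes."""
    h = hashlib.sha256()
    for field in (chunk["xpath"], chunk["text"]):
        data = field.encode("utf-8")
        h.update(len(data).to_bytes(8, "big"))
        h.update(data)
    return h.hexdigest()

def index_chunks(chunks, id_fn):
    """Store chunks keyed by ID and report any that were overwritten."""
    store, overwritten = {}, []
    for chunk in chunks:
        cid = id_fn(chunk)
        if cid in store and store[cid]["xpath"] != chunk["xpath"]:
            overwritten.append((store[cid]["xpath"], chunk["xpath"]))
        store[cid] = chunk
    return store, overwritten

if __name__ == "__main__":
    for name, fn in (("text-only MD5", text_only_id),
                     ("xpath + text SHA-256", structural_id)):
        store, lost = index_chunks(CHUNKS, fn)
        print(f"{name}: {len(store)} of {len(CHUNKS)} chunks kept, overwritten: {lost}")
```

Replacing MD5 with a stronger hash over the same text-only input would not change the first result, since identical input always yields an identical digest.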
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Llamaindex | Llamaindex | < 0.3.1 |
Related Weaknesses (CWE)
References
- https://github.com/run-llama/llama_index/commit/29b2e07e64ed7d302b1cc058185560b2 (Patch)
- https://huntr.com/bounties/1a48a011-a3c5-4979-9ffc-9652280bc389 (Exploit, Third Party Advisory)
FAQ
What is CVE-2025-6211?
CVE-2025-6211 is a vulnerability with a CVSS score of 6.5 (MEDIUM). A vulnerability in the DocugamiReader class of the run-llama/llama_index repository, up to version 0.12.28, involves the use of MD5 hashing to generate IDs for document chunks. This approach leads to ...
How severe is CVE-2025-6211?
CVE-2025-6211 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2025-6211?
Check the references section above for vendor advisories and patch information. Affected products include: Llamaindex Llamaindex.