What is CVE-2025-3044?

CVE-2025-3044 is a medium-severity vulnerability in Run-llama Run-llama/llama_index, classified under Expected Behavior Violation. CVSS score: 5.3/10. Published 2025-07-07.

How severe is CVE-2025-3044?

Medium severity. CVSS v3 base score is 5.3 out of 10.

Vulnerability in Run-llama Run-llama/llama_index

CVE-2025-3044

A vulnerability in the ArxivReader class of the run-llama/llama_index repository, versions up to v0.12.22.post1, allows for MD5 hash collisions when generating filenames for downloaded papers. This can lead to data loss as papers with iden…

EPSS: 0.002 (46.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N.

Affected products

Run-llama Run-llama/llama_index — versions unspecified

Weakness classification (CWE)

CWE-440 — Expected Behavior Violation

References

huntr.com/bounties/80182c3a-876f-422f-8bac-38267e0345d6
github.com/run-llama/llama_index/commit/0008041e8dde8e519621388e5d6f558bde6ef42e

Frequently asked questions

What is CVE-2025-3044?: CVE-2025-3044 is a medium-severity vulnerability in Run-llama Run-llama/llama_index, classified under Expected Behavior Violation. CVSS score: 5.3/10. Published 2025-07-07.
How severe is CVE-2025-3044?: Medium severity. CVSS v3 base score is 5.3 out of 10.