CVE-2025-6209
Published 2025-07-07
Priority: P350 · Severity: high · CVSS 3.0 base score: 7.5
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS: 0.55% (41.6th percentile)
A path traversal vulnerability exists in run-llama/llama_index versions 0.12.27 through 0.12.40, specifically within the `encode_image` function in `generic_utils.py`. This vulnerability allows an attacker to manipulate the `image_path` input to read arbitrary files on the server, including sensitive system files. The issue arises due to improper validation or sanitization of the file path, enabling path traversal sequences to access files outside the intended directory. The vulnerability is fixed in version 0.12.41.
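The fix class the advisories describe is validating the caller-supplied `image_path` against the directory the application actually intends to serve images from before reading it. The Python below is an added illustration of that check, not llama_index's own code; `encode_image_safely`, `demo`, the temporary directory layout and the file contents are all constructed for the example.

```python
import base64
import tempfile
from pathlib import Path


def encode_image_safely(image_path: str, allowed_dir: Path) -> str:
    """Hypothetical hardened counterpart to an encode_image(image_path) helper.

    The supplied path is resolved relative to allowed_dir and rejected if the
    resolved target escapes it. resolve() follows symlinks and collapses "..",
    so traversal sequences, absolute paths and symlinks pointing outside the
    base are all caught by the single containment check below.
    """
    base = allowed_dir.resolve(strict=True)
    target = (base / image_path).resolve()
    if target != base and base not in target.parents:
        raise PermissionError(f"image path escapes allowed directory: {image_path!r}")
    if not target.is_file():
        raise FileNotFoundError(image_path)
    with open(target, "rb") as fh:
        return base64.b64encode(fh.read()).decode("ascii")


def demo() -> dict:
    """Build a constructed directory layout and exercise the check."""
    root = Path(tempfile.mkdtemp())
    images = root / "images"
    images.mkdir()
    (images / "cat.png").write_bytes(b"PNG-bytes")       # constructed "image"
    (root / "secret.txt").write_bytes(b"not an image")   # file outside images/
    results = {"ok": encode_image_safely("cat.png", images)}
    # Each of these resolves outside images/ and must be refused.
    for bad in ("../secret.txt", "/etc/hostname", "sub/../../secret.txt"):
        try:
            encode_image_safely(bad, images)
            results[bad] = "allowed"
        except (PermissionError, FileNotFoundError) as exc:
            results[bad] = type(exc).__name__
    return results
```

Unpatched code that concatenates or opens `image_path` directly would return the contents of `secret.txt` for the first and third inputs; with the containment check every escaping path is refused before any file is opened.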
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| llamaindex | llamaindex | >= 0.12.27 < 0.12.41 | 0.12.41 |
| run-llama | run-llama_llama_index | >= unspecified < 0.12.41 | 0.12.41 |
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| NVD | 3.0 | 7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| Red Hat (vendor) | | 7.5 | HIGH | |
Advisory records

GHSA · 2025-07-07 · HIGH · CWE-29
LlamaIndex vulnerable to Path Traversal attack through its encode_image function
A path traversal vulnerability exists in run-llama/llama_index versions 0.11.23 through 0.12.40, specifically within the `encode_image` function in `generic_utils.py`. This vulnerability allows an attacker to manipulate the `image_path` input to read arbitrary files on the server, including sensitive system files. The issue arises due to improper validation or sanitization of the file path, enabling path traversal sequences to access files outside the intended directory. The vulnerability is fixed in version 0.12.41.

OSV · 2025-07-07 · HIGH
LlamaIndex vulnerable to Path Traversal attack through its encode_image function
(Description identical to the GHSA record above, including the 0.11.23 lower bound of the affected range.)

OSV · 2025-07-07
CVE-2025-6209: A path traversal vulnerability exists in run-llama/llama_index versions 0.12.27 through 0.12.40
(Description identical to the NVD summary at the top of this page, with the 0.12.27 lower bound.)

Red Hat · 2025-07-07 · CVSS 7.5 · HIGH · CWE-29
llama-index: File Read through Path Traversal in llama_index
(Description identical to the NVD summary at the top of this page.) Red Hat adds:
A path traversal vulnerability was found in run-llama/llama_index. This vulnerability allows an attacker to manipulate the `image_path` input to read files on the server. File access is limited to those files that
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.