CVE-2025-6211
Published 2025-07-10
Priority: P4 · 33 · medium · 6.5 (CVSS 3.0)
AV:N / AC:L / PR:N / UI:N / S:U / C:N / I:L / A:L
EPSS: 0.31% (23.1th percentile)
A vulnerability in the DocugamiReader class of the run-llama/llama_index repository, up to version 0.12.28, involves the use of MD5 hashing to generate IDs for document chunks. This approach leads to hash collisions when structurally distinct chunks contain identical text, resulting in one chunk overwriting another. This can cause loss of semantically or legally important document content, breakage of parent-child chunk hierarchies, and inaccurate or hallucinated responses in AI outputs. The issue is resolved in version 0.3.1.
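The failure mode described above, as an added example that is not code from llama_index or DocugamiReader: chunk IDs derived from text alone make a dict-backed store silently drop one of two identical clauses. The chunk paths, function names and the path-bound SHA-256 ID are assumptions chosen for illustration, not the project's actual fix.

```python
import hashlib
from collections import defaultdict

# Constructed sample: (structural path, parent path, text). Two clauses in
# different sections carry identical text.
CHUNKS = [
    ("/contract/section[1]", None, "Section 1: Supplier obligations"),
    ("/contract/section[1]/clause[1]", "/contract/section[1]",
     "The party shall indemnify the other party."),
    ("/contract/section[2]", None, "Section 2: Customer obligations"),
    ("/contract/section[2]/clause[1]", "/contract/section[2]",
     "The party shall indemnify the other party."),
]

def text_only_id(path, text):
    """Weak scheme from the advisory: the ID depends on the text alone.
    Any deterministic hash of the text alone repeats for identical text."""
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def structural_id(path, text):
    """Assumed mitigation: bind the ID to the chunk's position and its text."""
    h = hashlib.sha256()
    for field in (path, text):
        data = field.encode("utf-8")
        h.update(len(data).to_bytes(8, "big"))  # length prefix separates fields
        h.update(data)
    return h.hexdigest()

def build_store(chunks, id_fn):
    """Index chunks by ID as a dict-backed store would; later writes win."""
    store, seen = {}, defaultdict(list)
    for path, parent, text in chunks:
        cid = id_fn(path, text)
        seen[cid].append(path)
        store[cid] = {"path": path, "parent": parent, "text": text}
    collisions = {c: p for c, p in seen.items() if len(p) > 1}
    return store, collisions

def lost_chunks(chunks, store):
    """Paths that were ingested but are no longer present in the store."""
    kept = {entry["path"] for entry in store.values()}
    return [path for path, _, _ in chunks if path not in kept]

if __name__ == "__main__":
    for fn in (text_only_id, structural_id):
        store, collisions = build_store(CHUNKS, fn)
        print(fn.__name__, len(store), "stored; lost:", lost_chunks(CHUNKS, store))
```

The `collisions` map returned by `build_store` doubles as an ingestion-time check: a non-empty result means at least one chunk was overwritten.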
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| llamaindex | llamaindex | < 0.3.1 | 0.3.1 |
| run-llama | run-llama_llama_index | >= unspecified < 0.3.1 | 0.3.1 |
CVSS provenance
nvd · v3.0 · 6.5 MEDIUM · CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
vendor_redhat · 6.5 MEDIUM
Red Hat
llama-index: llama_index MD5 Hash Collision
vendor_redhat·2025-07-10·CVSS 6.5
CVE-2025-6211 [MEDIUM] CWE-440 llama-index: llama_index MD5 Hash Collision
A vulnerability in the DocugamiReader class of the run-llama/llama_index repository, up to version 0.12.28, involves the use of MD5 hashing to generate IDs for document chunks. This approach leads to hash collisions when structurally distinct chunks contain identical text, resulting in one chunk overwriting another. This can cause loss of semantically or legally important document content, breakage of parent-child chunk hierarchies, and inaccurate or hallucinated responses in AI outputs. The issue is resolved in version 0.3.1.
A hash collision flaw has been discovered in run-llama/llama_index. This flaw involves the use of the MD5 function to generate IDs for document chunks. This approach leads to hash collisions when structurally distinct ch
GHSA
LlamaIndex vulnerable to data loss through hash collisions in its DocugamiReader class
ghsa·2025-07-10
CVE-2025-6211 [MEDIUM] CWE-440 LlamaIndex vulnerable to data loss through hash collisions in its DocugamiReader class
A vulnerability in the DocugamiReader class of the run-llama/llama_index repository, up to but excluding version 0.12.41, involves the use of MD5 hashing to generate IDs for document chunks. This approach leads to hash collisions when structurally distinct chunks contain identical text, resulting in one chunk overwriting another. This can cause loss of semantically or legally important document content, breakage of parent-child chunk hierarchies, and inaccurate or hallucinated responses in AI outputs. The issue is resolved in version 0.3.1.
OSV
LlamaIndex vulnerable to data loss through hash collisions in its DocugamiReader class
osv·2025-07-10
CVE-2025-6211 [MEDIUM] LlamaIndex vulnerable to data loss through hash collisions in its DocugamiReader class
A vulnerability in the DocugamiReader class of the run-llama/llama_index repository, up to but excluding version 0.12.41, involves the use of MD5 hashing to generate IDs for document chunks. This approach leads to hash collisions when structurally distinct chunks contain identical text, resulting in one chunk overwriting another. This can cause loss of semantically or legally important document content, breakage of parent-child chunk hierarchies, and inaccurate or hallucinated responses in AI outputs. The issue is resolved in version 0.3.1.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2025-07-10