CVE-2025-3044
Published: 07 July 2025
Summary
CVE-2025-3044 is a medium-severity Expected Behavior Violation (CWE-440) vulnerability in Llamaindex Llamaindex (the run-llama/llama_index project). Its CVSS base score is 5.3 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Data Destruction (T1485). It is ranked at the 46.1st percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
This vulnerability is AI-related — categorised as NLP and Transformers; in the Data-Related Vulnerabilities risk domain.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-20218
Vulnerability details
A vulnerability in the ArxivReader class of the run-llama/llama_index repository, versions up to v0.12.22.post1, allows for MD5 hash collisions when generating filenames for downloaded papers. This can lead to data loss, as papers with identical titles but different contents may overwrite each other, preventing some papers from being processed for AI model training. The issue is resolved in version 0.12.28.
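To make the failure mode concrete, the following added example (not code from the llama_index project) models a hypothetical filename scheme keyed only on an MD5 digest of the paper title, shows how two constructed papers with the same title collide and overwrite one another, and contrasts it with a scheme keyed on the unique arXiv identifier that also detects an attempted overwrite of differing content.

```python
"""Hypothetical model of the CVE-2025-3044 flaw (added example, not the
project's own code). Paper records and bodies below are constructed samples."""
import hashlib
import tempfile
from pathlib import Path

# Constructed sample papers: identical titles, distinct ids and contents.
PAPERS = [
    {"id": "2401.00001", "title": "Attention Is All You Need", "body": b"version A"},
    {"id": "2401.00002", "title": "Attention Is All You Need", "body": b"version B"},
]


def vulnerable_filename(paper: dict) -> str:
    """Flawed scheme: the title alone decides the filename, so equal titles
    map to the same file regardless of content."""
    return hashlib.md5(paper["title"].encode()).hexdigest() + ".pdf"


def hardened_filename(paper: dict) -> str:
    """Key on the unique arXiv id; a short title digest is only a human hint."""
    hint = hashlib.sha256(paper["title"].encode()).hexdigest()[:8]
    return f"{paper['id'].replace('/', '_')}_{hint}.pdf"


def save_papers(papers: list, out_dir: Path, name_fn) -> dict:
    """Write every paper to out_dir and count how many writes replaced an
    existing file holding different bytes (the silent data-loss event)."""
    out_dir.mkdir(parents=True, exist_ok=True)
    overwritten = 0
    for paper in papers:
        target = out_dir / name_fn(paper)
        if target.exists() and target.read_bytes() != paper["body"]:
            overwritten += 1  # detection point: same name, different content
        target.write_bytes(paper["body"])
    return {"files": len(list(out_dir.glob("*.pdf"))), "overwritten": overwritten}


def compare_schemes() -> tuple:
    """Run both naming schemes on the sample set; returns (vulnerable, hardened)."""
    with tempfile.TemporaryDirectory() as tmp:
        vuln = save_papers(PAPERS, Path(tmp) / "vuln", vulnerable_filename)
        safe = save_papers(PAPERS, Path(tmp) / "safe", hardened_filename)
    return vuln, safe


if __name__ == "__main__":
    print(compare_schemes())
```

A defensive download routine should treat the "same name, different content" case as an error to surface, never as a silent overwrite.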
- CWE(s): CWE-440 Expected Behavior Violation
AI Security Analysis
- AI Category: NLP and Transformers
- Risk Domain: Data-Related Vulnerabilities
- OWASP Top 10 for LLMs 2025: None mapped
- Classification Reason: Matched keywords: ai
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The MD5 hash collision vulnerability in ArxivReader causes file overwrites during paper downloads, which maps to data destruction (data loss), stored data manipulation (a paper replaced by different content), and endpoint denial of service via application exploitation.
Affected Assets
Mitigating Controls
Likely Mitigating Controls
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Verification of security function operation directly detects deviations from expected behavior.