
CVE-2025-3044

Severity: Medium · Public PoC

Published: 07 July 2025

Modified: 30 July 2025
KEV Added: not listed
CVSS Score v3: 5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
EPSS Score: 0.0023 (46.1st percentile)
Risk Priority: 11 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-3044 is a medium-severity Expected Behavior Violation (CWE-440) vulnerability in LlamaIndex (run-llama/llama_index). Its CVSS v3 base score is 5.3 (Medium); the vector is network-reachable with no privileges or user interaction required, and the only impact is to integrity (C:N/I:L/A:N).

Operationally, exploitation aligns with the MITRE ATT&CK technique Data Destruction (T1485). The CVE is ranked at the 46.1st percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

This vulnerability is AI-related — categorised as NLP and Transformers; in the Data-Related Vulnerabilities risk domain.

Vulnerability details

A vulnerability in the ArxivReader class of the run-llama/llama_index repository, versions up to v0.12.22.post1, allows MD5 hash collisions when generating filenames for downloaded papers. Because the filename is derived from the paper title, papers with identical titles but different contents map to the same path and overwrite each other, so some papers are silently lost before they can be processed for AI model training. The issue is resolved in version 0.12.28.
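The failure mode described above, as an added example for this page (not code from run-llama/llama_index; the function names, the namer signature and the sample paper records are constructed for illustration and reconstruct the pattern the advisory describes rather than the project's actual implementation). It shows that a title-derived filename needs no MD5 cryptanalysis to collide, since identical titles hash identically, and contrasts it with a name built from the per-paper identifier plus a content hash, written with O_EXCL so a clash is reported rather than destroying the earlier file:

```python
"""Title-derived filenames versus collision-resistant ones.

Added example for this page, not code from run-llama/llama_index. The
function names and the sample paper records below are constructed for
illustration; they reconstruct the pattern the advisory describes, not
the project's actual implementation.
"""
import hashlib
import os
import tempfile
from typing import Callable, Dict, List, Tuple

# Constructed sample downloads: (arxiv_id, title, pdf_bytes). The first two
# share a title but differ in content, the exact case the advisory describes.
SAMPLE_PAPERS: List[Tuple[str, str, bytes]] = [
    ("2401.00001", "Attention Is All You Need", b"%PDF-1.4 paper one"),
    ("2401.00002", "Attention Is All You Need", b"%PDF-1.4 paper two"),
    ("2401.00003", "A Different Paper", b"%PDF-1.4 paper three"),
]

Namer = Callable[[str, str, bytes], str]


def vulnerable_filename(arxiv_id: str, title: str, pdf: bytes) -> str:
    """Weak pattern (hypothetical reconstruction): the name depends on the
    title only. No MD5 cryptanalysis is needed for a clash; identical titles
    hash identically, so two different papers map to one path."""
    return hashlib.md5(title.encode("utf-8")).hexdigest() + ".pdf"


def hardened_filename(arxiv_id: str, title: str, pdf: bytes) -> str:
    """Name from the per-paper identifier plus a SHA-256 content prefix, so
    neither equal titles nor a re-downloaded ID with changed content collide.
    Old-style IDs such as 'math/0601001' contain '/', which is not valid in
    a filename component, so it is replaced."""
    safe_id = arxiv_id.replace("/", "_")
    return f"{safe_id}-{hashlib.sha256(pdf).hexdigest()[:16]}.pdf"


def save_papers(papers, directory: str, namer: Namer,
                exclusive: bool = False) -> Tuple[List[str], List[str]]:
    """Write each paper to directory/namer(...).

    Returns (paths_written, ids_skipped). With exclusive=False an existing
    file is silently truncated and overwritten (the advisory's data loss).
    With exclusive=True the file is opened O_EXCL, so a clash raises
    FileExistsError and is reported instead of destroying the earlier paper.
    """
    written, skipped = [], []
    for arxiv_id, title, pdf in papers:
        path = os.path.join(directory, namer(arxiv_id, title, pdf))
        flags = os.O_WRONLY | os.O_CREAT | (os.O_EXCL if exclusive else os.O_TRUNC)
        try:
            fd = os.open(path, flags, 0o600)
        except FileExistsError:
            skipped.append(arxiv_id)
            continue
        with os.fdopen(fd, "wb") as fh:
            fh.write(pdf)
        written.append(path)
    return written, skipped


def demo() -> Dict[str, int]:
    """Run the three scenarios in fresh temp dirs; return files-on-disk and
    reported-clash counts so the difference is checkable."""
    results: Dict[str, int] = {}
    scenarios = [
        ("vulnerable", vulnerable_filename, False),  # silent overwrite
        ("exclusive", vulnerable_filename, True),    # clash detected, one paper still not saved
        ("hardened", hardened_filename, True),       # all three papers kept
    ]
    for name, namer, exclusive in scenarios:
        with tempfile.TemporaryDirectory() as d:
            _, skipped = save_papers(SAMPLE_PAPERS, d, namer, exclusive)
            results[f"{name}_files"] = len(os.listdir(d))
            results[f"{name}_clashes"] = len(skipped)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The "exclusive" scenario is the minimal check a practitioner would retrofit: it does not fix the naming, but it turns silent data loss into a reported error. The "hardened" scenario removes the collision class by keying on the arXiv identifier and the content digest; a genuine re-download of the same bytes then still trips O_EXCL, which a caller can treat as an idempotent no-op.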

CWE(s)

CWE-440 Expected Behavior Violation
AI Security Analysis

AI Category
NLP and Transformers
Risk Domain
Data-Related Vulnerabilities
OWASP Top 10 for LLMs 2025
None mapped
Classification Reason
Matched keywords: ai

Related Threats

MITRE ATT&CK Enterprise Techniques

T1485 Data Destruction Impact
Adversaries may destroy data and files on specific systems or in large numbers on a network to interrupt availability to systems, services, and network resources.
T1565.001 Stored Data Manipulation Impact
Adversaries may insert, delete, or manipulate data at rest in order to influence external outcomes or hide activity, thus threatening the integrity of the data.
T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

The filename-collision vulnerability in ArxivReader causes one downloaded paper to overwrite another during bulk downloads, which maps to data destruction (the earlier paper is lost), stored data manipulation (the path now holds different content than expected), and endpoint denial of service via application exploitation (the affected papers never reach processing).

Affected Assets

llamaindex (run-llama/llama_index)
Affected: versions before 0.12.28 (the advisory text cites versions up to v0.12.22.post1; fixed in 0.12.28)

Mitigating Controls

Likely Mitigating Controls

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

Addresses CWE-440 (Expected Behavior Violation): verification of security-function operation directly detects deviations from expected behavior.
