CVE-2025-21604 MEDIUM

CVE-2025-21604: LangChain4j-AIDeepin Using MD5 to Hash files may cause file upload conflicts

Vendor Moyangzhan
Product langchain4j-aideepin
Weakness CWE-328 · Weak hash
Published January 6, 2025
Last update January 6, 2025

CVSS base score

6.9/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N

What the vulnerability does

01Description

LangChain4j-AIDeepin is a Retrieval enhancement generation (RAG) project. Prior to 3.5.0, LangChain4j-AIDeepin uses MD5 to hash files, which may cause file upload conflicts. This issue is fixed in 3.5.0.

Key dates

02Disclosure timeline

January 6, 2025 CVE published
January 6, 2025 Record updated