CVE-2025-6211 MEDIUM

CVE-2025-6211: MD5 Hash Collision in run-llama/llama_index

Vendor Run-Llama
Product run-llama/llama_index
Weakness CWE-440
Published July 10, 2025
Last update July 10, 2025

CVSS base score

6.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

What the vulnerability does

01Description

A vulnerability in the DocugamiReader class of the run-llama/llama_index repository, up to version 0.12.28, involves the use of MD5 hashing to generate IDs for document chunks. This approach leads to hash collisions when structurally distinct chunks contain identical text, resulting in one chunk overwriting another. This can cause loss of semantically or legally important document content, breakage of parent-child chunk hierarchies, and inaccurate or hallucinated responses in AI outputs. The issue is resolved in version 0.3.1.

Key dates

02Disclosure timeline

July 10, 2025 CVE published
July 10, 2025 Record updated