Home > Vulnerability Database > CVE-2025-6211

Mend.io Vulnerability Database

CVE-2025-6211

Good to know:

Date: July 10, 2025

A vulnerability in the DocugamiReader class of the run-llama/llama_index repository, up to version 0.12.28, involves the use of MD5 hashing to generate IDs for document chunks. This approach leads to hash collisions when structurally distinct chunks contain identical text, resulting in one chunk overwriting another. This can cause loss of semantically or legally important document content, breakage of parent-child chunk hierarchies, and inaccurate or hallucinated responses in AI outputs. The issue is resolved in version 0.3.1.

Severity Score

6.5

Related Resources (5)

Url: https://github.com/run-llama/llama_index

Url: https://github.com/run-llama/llama_index/commit/29b2e07e64ed7d302b1cc058185560b28eaa1352

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-6211

Url: https://huntr.com/bounties/1a48a011-a3c5-4979-9ffc-9652280bc389

Url: https://www.mend.io/vulnerability-database/CVE-2025-6211

Severity Score

6.5

Weakness Type (CWE)

Expected Behavior Violation

CWE-440

Top Fix

Upgrade Version

Upgrade to version llama-index-readers-docugami - 0.3.1;llama-index-readers-docugami - 0.3.1;llama-index - 0.12.41;https://github.com/run-llama/llama_index.git - v0.12.41

Learn More

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2025-6211

Good to know:

Date: July 10, 2025

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?