CVE-2025-7647: llama-index-core insecurely handles temporary files

September 27, 2025 (updated September 29, 2025)

The llama-index-core package, up to version 0.12.44, contains a vulnerability in the get_cache_dir() function where a predictable, hardcoded directory path /tmp/llama_index is used on Linux systems without proper security controls. This vulnerability allows attackers on multi-user systems to steal proprietary models, poison cached embeddings, or conduct symlink attacks. The issue affects all Linux deployments where multiple users share the same system. The vulnerability is classified under CWE-379, CWE-377, and CWE-367, indicating insecure temporary file creation and potential race conditions.

References

github.com/advisories/GHSA-cr7q-2w66-hjcm
github.com/run-llama/llama_index
github.com/run-llama/llama_index/commit/98816394d57c7f53f847ed7b60725e69d0e7aae4
huntr.com/bounties/a2baa08f-98bf-47a8-ac83-06f7411afd9e
nvd.nist.gov/vuln/detail/CVE-2025-7647

Code Behaviors & Features

Detect and mitigate CVE-2025-7647 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →