Description
A vulnerability in the `ObsidianReader` class of the run-llama/llama_index repository, versions 0.12.23 to 0.12.28, allows arbitrary file read through symbolic links. `ObsidianReader` neither resolves symlinks to their real paths nor checks that a resolved path lies inside the vault directory it was given. An attacker who can place a symlink in the vault, for example a `.md`-named link whose target is a file outside the vault, gets that target read and ingested as if it were a Markdown note, potentially exposing sensitive information to whoever consumes the resulting index.
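The path-handling flaw described above, as an added example that is not `ObsidianReader`'s code: a hypothetical `collect_markdown_naive` walker reproduces the described behaviour (every `*.md` entry is read, with no symlink resolution and no containment check), and a hardened `collect_markdown_safe` resolves each entry with `os.path.realpath` and keeps only targets under the resolved vault root. The `demo` helper builds a throwaway vault with a constructed secret file and a `.md` symlink pointing at it; creating the symlink assumes a POSIX host.

```python
import os
import tempfile
from typing import Dict, List, Tuple


def collect_markdown_naive(vault: str) -> List[Tuple[str, str]]:
    """Flawed walk, mirroring the advisory: every *.md entry is read as-is.

    Hypothetical illustration, not ObsidianReader's own code. Nothing
    resolves symlinks and nothing checks where the target lives, so a link
    named leak.md that points outside the vault is read like any note.
    """
    notes = []
    for dirpath, _dirnames, filenames in os.walk(vault):
        for name in filenames:
            if name.endswith(".md"):
                path = os.path.join(dirpath, name)
                with open(path, "r", encoding="utf-8") as fh:
                    notes.append((name, fh.read()))
    return notes


def collect_markdown_safe(vault: str) -> List[Tuple[str, str]]:
    """Hardened walk: resolve each candidate and require it to stay in the vault."""
    root = os.path.realpath(vault)
    notes = []
    for dirpath, dirnames, filenames in os.walk(root):
        # os.walk does not follow symlinked directories by default; pruning
        # them explicitly keeps that guarantee even if followlinks is ever set.
        dirnames[:] = [d for d in dirnames
                       if not os.path.islink(os.path.join(dirpath, d))]
        for name in filenames:
            if not name.endswith(".md"):
                continue
            real = os.path.realpath(os.path.join(dirpath, name))
            # Containment check on the *resolved* path. commonpath avoids the
            # classic startswith bug where /vault2/x passes a /vault prefix test.
            if os.path.commonpath([root, real]) != root:
                continue  # symlink escapes the vault: skip it
            if not os.path.isfile(real):
                continue  # dangling link or non-regular file
            with open(real, "r", encoding="utf-8") as fh:
                notes.append((name, fh.read()))
    return notes


def demo() -> Dict[str, bool]:
    """Constructed sample vault: one real note, one .md symlink to a secret outside it."""
    with tempfile.TemporaryDirectory() as tmp:
        secret = os.path.join(tmp, "secret.txt")  # lives outside the vault
        with open(secret, "w", encoding="utf-8") as fh:
            fh.write("db_password=hunter2\n")
        vault = os.path.join(tmp, "vault")
        os.mkdir(vault)
        with open(os.path.join(vault, "note.md"), "w", encoding="utf-8") as fh:
            fh.write("# Real note\n")
        # The attacker-controlled entry (POSIX symlink assumed).
        os.symlink(secret, os.path.join(vault, "leak.md"))

        naive = dict(collect_markdown_naive(vault))
        safe = dict(collect_markdown_safe(vault))
        return {
            "naive_leaked": "db_password" in naive.get("leak.md", ""),
            "safe_leaked": "leak.md" in safe,
            "safe_has_note": "note.md" in safe,
        }


if __name__ == "__main__":
    print(demo())
```

The check has to run on the resolved path: a prefix test on the unresolved `vault/leak.md` passes trivially, which is exactly the gap the advisory describes. A resolve-then-open sequence still leaves a small window in which the link could be swapped; where that matters, open the resolved path with `os.O_NOFOLLOW` or stat the open descriptor and compare it with the checked target.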
References (2)
Exploit, Third Party Advisory
https://huntr.com/bounties/90a1f1b2-bb82-4d66-9fc1-856ed5f904da
Scores
CVSS v3: 7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
Attack Vector: NETWORK
EPSS: 0.0049 (percentile 65.5%)
CISA SSVC (Vulnrichment)
Exploitation: poc
Automatable: yes
Technical Impact: partial
Details
CWE: CWE-22 (Improper Limitation of a Pathname to a Restricted Directory, 'Path Traversal')
Status: published
Products (2)
llamaindex/llamaindex: 0.12.23 - 0.12.28
pypi/llama-index-readers-obsidian (PyPI): 0 - 0.5.1
Published: Jul 07, 2025
Tracked Since: Feb 18, 2026