PyPi: Llama-Index-Core

CVE-2025-7647

Safety vulnerability ID: 79994

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Sep 30, 2025 Updated at Oct 02, 2025

Advisory

Affected versions of the llama-index-core package are vulnerable to Insecure Temporary File handling due to use of a predictable, world-accessible cache directory on multi-user Linux systems. The get_cache_dir() function uses the hardcoded path /tmp/llama_index without appropriate security controls (e.g., safe permissions or exclusive creation), enabling unsafe temporary-directory usage and race conditions.
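The checks the advisory says are missing (safe permissions, exclusive creation) can be shown as an added defensive example. This is not code from llama-index-core or its fix. The names audit_cache_dir and make_private_cache_dir are hypothetical, and the per-user base directory is assumed to be chosen by the caller.

```python
import os
import stat


def audit_cache_dir(path, uid=None):
    """Return a list of findings for a cache directory; an empty list means no issue found."""
    uid = os.getuid() if uid is None else uid
    try:
        st = os.lstat(path)  # lstat: inspect the path itself, never a symlink target
    except FileNotFoundError:
        return ["missing: any local user can create it first"]
    findings = []
    if stat.S_ISLNK(st.st_mode):
        findings.append("path is a symlink")
    elif not stat.S_ISDIR(st.st_mode):
        findings.append("not a directory")
    elif st.st_mode & 0o077:
        findings.append("accessible to group/other")
    if st.st_uid != uid:
        findings.append("owned by another uid")
    return findings


def make_private_cache_dir(base, name="llama_index"):
    """Create base/name with mode 0700 and refuse to use it if the audit fails.

    `base` is assumed to be a per-user location (hypothetical caller choice),
    not a shared directory such as /tmp.
    """
    os.makedirs(base, mode=0o700, exist_ok=True)
    path = os.path.join(base, name)
    try:
        os.mkdir(path, 0o700)  # fails if the name exists; does not follow symlinks
    except FileExistsError:
        pass  # pre-existing entry: trust it only if the audit below is clean
    findings = audit_cache_dir(path)
    if findings:
        raise PermissionError(f"unsafe cache dir {path}: {findings}")
    return path


if __name__ == "__main__":
    # The hardcoded path named in the advisory, audited on the local host.
    print(audit_cache_dir("/tmp/llama_index"))
```

Running the script on a multi-user host reports whether an existing /tmp/llama_index is a symlink, is owned by a different account, or is open to group/other.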

Affected package

llama-index-core

Latest version: 0.14.2

Interface between LLMs and your data

Affected versions

Fixed versions

Vulnerability changelog

This vulnerability has no description

Resources


Severity Details

CVSS Base Score

HIGH 7.3

CVSS v3 Details

HIGH 7.3
Attack Vector (AV): LOCAL
Attack Complexity (AC): LOW
Privileges Required (PR): LOW
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality Impact (C): HIGH
Integrity Impact (I): HIGH
Availability Impact (A): LOW