CVE-2025-3044 – ArxivReader MD5 Hash Collision Vulnerability

July 7, 2025

CVE ID : CVE-2025-3044

Published : July 7, 2025, 10:15 a.m. | 2 hours, 54 minutes ago

Description : A vulnerability in the ArxivReader class of the run-llama/llama_index repository, versions up to v0.12.22.post1, allows for MD5 hash collisions when generating filenames for downloaded papers. This can lead to data loss as papers with identical titles but different contents may overwrite each other, preventing some papers from being processed for AI model training. The issue is resolved in version 0.12.28.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-3046 – “Obsidian Reader Symbolic Link File Read Vulnerability”

Next Article CVE-2024-43334 – Gavias Halpes Cross-site Scripting (XSS)

Highlights

CVE-2025-52995 – File Browser Privilege Escalation Vulnerability

June 30, 2025

CVE ID : CVE-2025-52995

Published : June 30, 2025, 8:15 p.m. | 3 hours, 14 minutes ago

Description : File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to version 2.33.10, the implementation of the allowlist is erroneous, allowing a user to execute more shell commands than they are authorized for. The concrete impact of this vulnerability depends on the commands configured, and the binaries installed on the server or in the container image. Due to the missing separation of scopes on the OS-level, this could give an attacker access to all files managed the application, including the File Browser database. This issue has been patched in version 2.33.10.

Severity: 8.0 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CodeSOD: A Unique Way to Primary Key

BrowserStack launches Figma plugin for detecting accessibility issues in design phase

Parasoft brings agentic AI to service virtualization in latest release

Node.js vs. Python for Backend: 7 Reasons C-Level Leaders Choose Node.js Talent

The best CRM software with email marketing in 2025: Expert tested and reviewed

This multi-port car charger can power 4 gadgets at once – and it’s surprisingly cheap

I’m a wearables editor and here are the 7 Pixel Watch 4 rumors I’m most curious about

8 ways I quickly leveled up my Linux skills – and you can too

The Intersection of Agile and Accessibility – A Series on Designing for Everyone

The Intersection of Agile and Accessibility – A Series on Designing for Everyone

Zero Trust & Cybersecurity Mesh: Your Org’s Survival Guide

Execute Ping Commands and Get Back Structured Data in PHP

A Tomb Raider composer has been jailed — His legacy overshadowed by $75k+ in loan fraud

A Tomb Raider composer has been jailed — His legacy overshadowed by $75k+ in loan fraud

“I don’t think I changed his mind” — NVIDIA CEO comments on H20 AI GPU sales resuming in China following a meeting with President Trump

Galaxy Z Fold 7 review: Six years later — Samsung finally cracks the foldable code

CVE-2025-3044 – ArxivReader MD5 Hash Collision Vulnerability

CVE-2025-44658 – Netgear RAX30 PHP-FPM Misconfigured Extension Bypass Vulnerability

CVE-2025-7393 – Drupal Mail Login Authentication Bypass

CVE-2025-3461 – Quantenna Wi-Fi Missing Authentication for Critical Function

Microsoft Pressed Over DOGE GitHub Code Tied to NLRB Data Removal

CVE-2025-6497 – “HTACG Tidy-html5 Assertion Vulnerability”

Transforming the future of music creation

CVE-2025-52995 – File Browser Privilege Escalation Vulnerability

CVE-2025-53689 – Apache Jackrabbit XXE Injection Vulnerability

CVE-2025-3712 – “LCD KVM over IP Switch CL5708IM Heap-based Buffer Overflow Denial-of-Service Vulnerability”

bytefury/crater

CVE-2025-3044 – ArxivReader MD5 Hash Collision Vulnerability

Related Posts