CVE-2025-7647 — Vulnetix

CVE-2025-7647 PUBLISHED CVSS 7.300000190734863 HIGH

llama-index-core insecurely handles temporary files

EPSS 0.02% · 6.1th percentile

Risk Scores

CVSS 3.0

7.300000190734863

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

EPSS Score

0.02%

6.1th percentile

Affected Products

Vendor	Product	Versions
PyPI	llama-index-core	0
run-llama	run-llama/llama_index	unspecified

Exploit Intelligence

CIRCL seen: CVE-2025-7647 (circl-sighting)
https://huntr.com/bounties/a2baa08f-98bf-47a8-ac83-06f7411afd9e (circl)
https://github.com/run-llama/llama_index/commit/98816394d57c7f53f847ed7b60725e69d0e7aae4 (circl)

Timeline

Sep 27, 2025 CVE Published
Sep 28, 2025 EPSS Score
Sep 28, 2025 PoC Published
Sep 29, 2025 CVE Updated
Oct 5, 2025 EPSS Score
Oct 11, 2025 EPSS Score
Oct 18, 2025 EPSS Score
Oct 25, 2025 EPSS Score
Oct 31, 2025 EPSS Score
Nov 7, 2025 EPSS Score
Nov 14, 2025 EPSS Score
Nov 21, 2025 EPSS Score

References

Open in Interactive Console →

$ Console Community · 100/wk Open console ›