Bug 2403577 (CVE-2025-7707)

Summary:	CVE-2025-7707 llama-index: World-Writable Cache Directory Vulnerability in llama_index
Product:	[Other] Security Response	Reporter:	OSIDB Bzimport <bzimport>
Component:	vulnerability	Assignee:	Product Security DevOps Team <prodsec-dev>
Status:	NEW ---	QA Contact:
Severity:	medium	Docs Contact:
Priority:	medium
Version:	unspecified	CC:	haoli, hkataria, jajackso, jcammara, jmitchel, jneedle, kegrant, koliveir, kshier, mabashia, pbraun, shvarugh, simaishi, smcdonal, stcannon, teagle, tfister, thavo, yguenane
Target Milestone:	---	Keywords:	Security
Target Release:	---
Hardware:	All
OS:	Linux
Whiteboard:
Fixed In Version:		Doc Type:	---
Doc Text:	The llama_index library sets the NLTK data directory to a subdirectory of the codebase by default (e.g., _static/nltk_cache inside the package directory). In multi-user environments or shared hosting, this directory is world-writable or accessible by multiple users. As a result, any user can overwrite, delete, or corrupt NLTK data files, leading to denial of service, data tampering, or potentially privilege escalation if a vulnerable data loader is present.	Story Points:	---
Clone Of:		Environment:
Last Closed:		Type:	---
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:

Description OSIDB Bzimport 2025-10-13 17:01:28 UTC

The llama_index library version 0.12.33 sets the NLTK data directory to a subdirectory of the codebase by default, which is world-writable in multi-user environments. This configuration allows local users to overwrite, delete, or corrupt NLTK data files, leading to potential denial of service, data tampering, or privilege escalation. The vulnerability arises from the use of a shared cache directory instead of a user-specific one, making it susceptible to local data tampering and denial of service.