{"data":{"id":"482db9d7-787a-4492-abec-fcf6e00b69c4","title":"CVE-2025-21604: LangChain4j-AIDeepin is a Retrieval enhancement generation (RAG) project. Prior to 3.5.0, LangChain4j-AIDeepin uses MD5 ","summary":"LangChain4j-AIDeepin, a RAG (retrieval-augmented generation, where an AI pulls in external documents to answer questions) project, uses MD5 (a weak cryptographic hashing function) to hash files in versions before 3.5.0, which can cause file upload conflicts when different files produce the same hash value. This vulnerability has a CVSS score (a 0-10 rating of how severe a vulnerability is) of 6.9 and is classified as medium severity.","solution":"Update to version 3.5.0 or later. According to the source, 'This issue is fixed in 3.5.0.'","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2025-21604","publishedAt":"2025-01-06T21:15:30.927Z","cveId":"CVE-2025-21604","cweIds":["CWE-328"],"cvssScore":null,"cvssSeverity":null,"severity":"medium","attackType":[],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["LangChain"],"affectedVendorsRaw":["LangChain4j-AIDeepin"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00063,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-20"],"crossRefCount":0,"attackSophistication":"trivial","impactType":["integrity","availability"],"aiComponentTargeted":"rag","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}