A major security flaw (CVE-2024-13059) was found in the open-source AI tool AnythingLLM. Discovered in February 2025, the bug lets attackers with admin access run harmful code remotely, putting systems at serious risk.
Vulnerability Details
- CVE ID: CVE-2024-13059
- Severity: Critical (CVSS 9.1)
- Exploitation Risk: Low (EPSS 0.04%)
- Affected Versions: AnythingLLM before version 1.3.1
- Fixed In: Version 1.3.1 (released February 10, 2025)
- Impact: Remote Code Execution through path traversal
How the Vulnerability Works
Offsec researchers found that the issue comes from how the multer library handles file uploads in AnythingLLM. Specifically, it doesn’t properly check filenames with non-ASCII characters and directory traversal patterns (like ../../malicious.sh).
An attacker with manager or admin access can upload a file with a crafted name, such as ../../malicious.js. Because of the filename issue, the app may save the file outside the intended upload folder.
For example, an attacker could place a file like ../../../etc/cron.d/exploit into a system directory. If this file gets executed—by a scheduled task or system script—it could give the attacker full control of the system.
This shows how a simple file upload, combined with elevated access and weak input checks, can lead to a serious system breach.
Organizations using AnythingLLM for tasks like customer support or internal data analysis should update immediately. Delaying the patch could risk data leaks, system downtime, or unauthorized access.
Follow Us on: Twitter, Instagram, Facebook to get the latest security news!
Leave A Comment