In February 2025, a critical vulnerability identified as CVE-2024-13059 was disclosed in AnythingLLM, an open-source framework for building self-hosted AI assistants. This flaw affects versions prior to 1.3.1 and arises from improper handling of non-ASCII filenames in the multer library, leading to a path traversal vulnerability. Attackers with manager or admin roles can exploit this to write files to arbitrary locations on the server, potentially resulting in remote code execution.
- CVE ID: CVE-2024-13059
- Severity: Critical
- CVSS Score: 9.1
- EPSS Score: 0.04%
- Published: February 10, 2025
- Affected Versions: AnythingLLM < 1.3.1
- Patched Version: 1.3.1
The vulnerability stems from how AnythingLLM handles file uploads using the multer middleware. When processing uploaded files with non-ASCII filenames, the application fails to properly sanitize the filenames. This oversight allows attackers to include directory traversal sequences like “../” in the filenames. As a result, files can be written to arbitrary locations on the server’s filesystem.
For instance, an attacker could upload a file with a name like “../../malicious.sh”, which would be saved outside the intended directory. By placing a malicious script in a location that’s executed by the system (e.g., startup scripts), the attacker can achieve remote code execution.
- Access to an AnythingLLM instance running a vulnerable version (< 1.3.1).
- Manager or admin privileges within the application.
- Craft a file with a non-ASCII filename that includes directory traversal sequences (e.g., ../../malicious.sh).
- Upload the file through the application’s interface.
- The application, due to improper sanitization, writes the file to the specified arbitrary location.
- If the file is placed in a directory that’s executed by the system (e.g., cron jobs, startup scripts), it can lead to remote code execution.
- Review upload logs for filenames containing suspicious patterns like “../”.
- Monitor for unexpected file creations or modifications in sensitive directories.
- Set up file integrity monitoring to detect unauthorized changes.
- Implement intrusion detection systems to alert on unusual file access patterns.
Upgrade to AnythingLLM version 1.3.1 or later. This update addresses the vulnerability by properly sanitizing filenames during file uploads.
- Restrict file upload functionalities to trusted users.
- Implement additional validation checks on uploaded filenames to prevent directory traversal sequences.
- Isolate the application environment to limit the impact of potential exploits.