Apr 17, 2025
CVE-2024-13059: Exploiting Path Traversal in AnythingLLM for Remote Code Execution
Discover CVE-2024-13059, a critical flaw in how AnythingLLM handles non-ASCII filenames received through the multer upload library.

In February 2025, a critical vulnerability identified as CVE-2024-13059 was disclosed in AnythingLLM, an open-source framework for building self-hosted AI assistants. The flaw affects versions prior to 1.3.1 and arises from improper handling of non-ASCII filenames received through the multer upload middleware, which leaves the application open to path traversal. Attackers holding the manager or admin role can exploit this to write files to arbitrary locations on the server, potentially resulting in remote code execution.
- CVE ID: CVE-2024-13059
- Severity: Critical
- CVSS Score: 9.1
- EPSS Score: 0.04%
- Published: February 10, 2025
- Affected Versions: AnythingLLM < 1.3.1
- Patched Version: 1.3.1
The vulnerability stems from how AnythingLLM handles file uploads with the multer middleware. When an uploaded file carries a non-ASCII filename, the application fails to sanitize the name correctly, so a directory traversal sequence such as ../ survives into the path used to store the file. As a result, files can be written to arbitrary locations on the server's filesystem, bounded only by the permissions of the account running AnythingLLM.
For instance, an attacker could upload a file whose name resolves to ../../malicious.sh, which would then be saved outside the intended upload directory. By placing a script or configuration file somewhere the system executes or loads it (for example, startup scripts or cron jobs), the attacker can achieve remote code execution.
Exploiting this issue requires:
- Access to an AnythingLLM instance running a vulnerable version (< 1.3.1).
- Manager or admin privileges within the application.
The attack then proceeds as follows:
- Craft a non-ASCII filename that the application's sanitization does not catch but that yields a directory traversal sequence (ending up as a path such as ../../malicious.sh).
- Upload the file through the application's interface.
- Because of the missing sanitization, the application writes the file to the attacker-chosen location.
- If that location is a directory the system executes from (e.g., cron jobs, startup scripts), the write leads to remote code execution.
To detect exploitation attempts:
- Review upload logs for filenames containing suspicious patterns like ../, including percent-encoded and non-ASCII variants that only become a traversal sequence after decoding.
- Monitor for unexpected file creations or modifications in sensitive directories, especially outside the configured upload directory.
- Set up file integrity monitoring to detect unauthorized changes.
- Implement intrusion detection systems to alert on unusual file access patterns.
Upgrade to AnythingLLM version 1.3.1 or later. This release fixes the vulnerability by properly sanitizing filenames during file uploads.
Additional mitigations that reduce exposure, with or without the upgrade:
- Restrict file upload functionality to trusted users, since exploitation already requires the manager or admin role.
- Validate uploaded filenames after any decoding or character-set conversion, and reject or strip directory traversal sequences before the name is used to build a path.
- Isolate the application environment (for example, run it as an unprivileged user in a container) to limit the impact of a successful exploit.