
Apr 17, 2025
CVE-2024-13059: Exploiting Path Traversal in AnythingLLM for Remote Code Execution
Discover CVE-2024-13059, a critical path traversal flaw in AnythingLLM's handling of non-ASCII filenames passed through the multer library.
In February 2025, a critical vulnerability identified as CVE-2024-13059 was disclosed in AnythingLLM, an open-source framework for building self-hosted AI assistants. The flaw affects versions prior to 1.3.1 and arises from improper handling of non-ASCII filenames passed through the multer upload middleware, which produces a path traversal. Attackers holding the manager or admin role can exploit it to write files to arbitrary locations on the server, which can lead to remote code execution.
- CVE ID: CVE-2024-13059
- Severity: Critical
- CVSS Score: 9.1
- EPSS Score: 0.04%
- Published: February 10, 2025
- Affected Versions: AnythingLLM < 1.3.1
- Patched Version: 1.3.1
The vulnerability stems from how AnythingLLM handles file uploads through the multer middleware. When an uploaded file carries a non-ASCII filename, the application fails to sanitize the name correctly, so directory traversal sequences such as "../" survive into the path that is written. As a result, files can be written to arbitrary locations on the server's filesystem, with the privileges of the AnythingLLM process.
For instance, an attacker could upload a file named "../../malicious.sh", which would be saved outside the intended upload directory. By placing a malicious script somewhere the system executes it from (e.g., a cron directory or a startup script), the attacker can achieve remote code execution. Which locations are reachable depends on the user and filesystem the service runs with; a containerized deployment running as an unprivileged user narrows the options considerably.
To exploit the flaw, an attacker needs:
- Access to an AnythingLLM instance running a vulnerable version (< 1.3.1).
- Manager or admin privileges within the application.
Exploitation then proceeds as follows:
- Craft a filename that combines directory traversal sequences (e.g., ../../malicious.sh) with non-ASCII characters, since the flawed handling applies to non-ASCII names.
- Upload the file through the application's interface.
- Because of the missing sanitization, the application writes the file to the attacker-chosen location.
- If that location is one the system executes from (e.g., cron jobs, startup scripts), the result is remote code execution.
To detect exploitation attempts:
- Review upload logs for filenames containing traversal patterns such as ../ or ..\, including percent-encoded forms like %2e%2e%2f.
- Monitor for unexpected file creations or modifications in sensitive directories (cron directories, startup script locations), especially those made by the user the AnythingLLM process runs as.
- Set up file integrity monitoring on those directories to detect unauthorized changes.
- Implement intrusion detection rules that alert on unusual file access patterns from the application host.
Upgrade to AnythingLLM version 1.3.1 or later; this release addresses the vulnerability by properly sanitizing filenames during file uploads. Until the upgrade is in place, and as defense in depth afterwards:
- Limit the manager and admin roles to trusted users and review who holds them, since those roles are required to exploit the flaw.
- Add your own validation of uploaded filenames to reject directory traversal sequences, including percent-encoded forms.
- Isolate the application environment (run it as an unprivileged user, in a container, with writable storage restricted to its upload directory) to limit the impact of a successful arbitrary write.