CRITICAL🇵🇱 Wersja polska

CVE-2024-3025

CVSS 9.9v3.0pub. 2024-04-10upd. 2025-07-09

mintplex-labs/anything-llm is vulnerable to path traversal attacks due to insufficient validation of user-supplied input in the logo filename functionality. Attackers can exploit this vulnerability by manipulating the logo filename to reference files outside of the restricted directory. This can lead to unauthorized reading or deletion of files by utilizing the `/api/system/upload-logo` and `/api/system/logo` endpoints. The issue stems from the lack of filtering or validation on the logo filename, allowing attackers to target sensitive files such as the application's database.

🤖 AI Analysis
How it works

The vulnerability results from lack of filtering and validation of the logo filename in the endpoints `/api/system/upload-logo` and `/api/system/logo`. An attacker with basic authentication level can manipulate the logo filename by inserting path traversal sequences (e.g., `../../`), allowing access to files outside the permitted directory. This makes it possible to both read and delete arbitrary files accessible to the application process, including the database.

Impact

An attacker can gain unauthorized access to sensitive application files (including the database) or permanently delete them, leading to data confidentiality breach and potential loss of system integrity and availability.

Mitigation & patch

Update the application to a version containing the fix introduced in commit 7de23dbb2da932fbfb39f56d981784d3702cf5ce available in the GitHub repository mintplex-labs/anything-llm. Details in the vendor references and huntr.com report.

Who is affected

mintplex-labs/anything-llm — versions indicated in vendor references (before commit 7de23dbb2da932fbfb39f56d981784d3702cf5ce)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
  • Mintplexlabs Anythingllm

    APP
    Mintplexlabs
    < 1.0.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Path Traversal
CWE
References

Related vulnerabilities

CVE-2026-32626CRITICAL9.6PL ✓ten sam produkt

XSS eskalujący do RCE w AnythingLLM Desktop poprzez podatny renderer Electron

CVE-2024-3279CRITICAL9.1PL ✓ten sam produkt

Nieprawidłowa kontrola dostępu w AnythingLLM — nieautoryzowana manipulacja bazą danych

CVE-2024-3104CRITICAL9.8PL ✓ten sam produkt

RCE poprzez command injection w Mintplex Labs AnythingLLM

CVE-2024-3033CRITICAL9.4PL ✓ten sam produkt

Brak autoryzacji w AnythingLLM — destrukcyjny dostęp do VectorDB

CVE-2024-0404CRITICAL9.1PL ✓ten sam produkt

Mass assignment w anything-llm umożliwia nieautoryzowane tworzenie kont admin