CVE-2024-8248 HIGH

CVE-2024-8248: Path Traversal in mintplex-labs/anything-llm

Vendor Mintplex-Labs
Product mintplex-labs/anything-llm
Weakness CWE-29
Published March 20, 2025
Last update March 20, 2025

CVSS base score

7.2/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

A vulnerability in the normalizePath function in mintplex-labs/anything-llm version git 296f041 allows for path traversal, leading to arbitrary file read and write in the storage directory. This can result in privilege escalation from manager to admin. The issue is fixed in version 1.2.2.

Key dates

02Disclosure timeline

March 20, 2025 CVE published
March 20, 2025 Record updated