CVE-2024-12866 – A local file inclusion vulnerability in netease... (How to Fix)

Q: What is the severity of CVE-2024-12866?

CVE-2024-12866 has a CVSS score of 7.5 (HIGH). A local file inclusion vulnerability in netease-youdao/qanything v2.0.0 allows attackers to read arbitrary files on the file system. This can lead to sensitive data exposure including SSH keys, configuration files, and source code, potentially enabling remote code execution. Users running this specific version are affected.

📋 TL;DR

A local file inclusion vulnerability in netease-youdao/qanything v2.0.0 allows attackers to read arbitrary files on the file system. This can lead to sensitive data exposure including SSH keys, configuration files, and source code, potentially enabling remote code execution. Users running this specific version are affected.

💻 Affected Systems

Products:

netease-youdao/qanything

Versions: v2.0.0

Operating Systems: All operating systems where qanything is deployed

Default Config Vulnerable: ⚠️ Yes

Notes: The vulnerability exists in the default configuration of version v2.0.0. No special configuration is required for exploitation.

📦 What is this software?

Qanything by Youdao

View all CVEs affecting Qanything →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise via remote code execution by retrieving SSH keys or sensitive configuration files, leading to data theft, lateral movement, and complete system control.

🟠

Likely Case

Sensitive data exposure including source code, configuration files, and user data, potentially enabling further attacks or intellectual property theft.

🟢

If Mitigated

Limited file access restricted by proper file permissions and application sandboxing, preventing access to critical system files.

🌐 Internet-Facing: HIGH - If the application is exposed to the internet, attackers can remotely exploit this vulnerability without authentication.

🏢 Internal Only: MEDIUM - Internal attackers or compromised internal systems could exploit this, but requires some level of access to the application.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires understanding of the application's file handling mechanisms and ability to craft malicious requests. No public exploit code is currently available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version after v2.0.0 (check latest release)

Vendor Advisory: https://huntr.com/bounties/c23da7c7-a226-40a2-83db-6a8ab1b2ef64

Restart Required: No

Instructions:

1. Check current version with appropriate package manager or version command. 2. Update to the latest version of qanything using your package manager or from official repository. 3. Verify the update was successful.

🔧 Temporary Workarounds

Restrict file system access

all

Implement strict file permissions and application sandboxing to limit what files the application can access.

chmod 750 /path/to/qanything
chown root:root /path/to/qanything

Input validation and sanitization

all

Implement strict input validation on all file path parameters to prevent directory traversal attempts.

🧯 If You Can't Patch

Implement strict network access controls to limit who can access the application
Deploy web application firewall (WAF) rules to detect and block file inclusion attempts

🔍 How to Verify

Check if Vulnerable:

Check if running qanything version v2.0.0. Review application logs for suspicious file access patterns or directory traversal attempts.

Check Version:

Check with your package manager or run 'qanything --version' if available

Verify Fix Applied:

Verify the application version is no longer v2.0.0. Test file inclusion attempts to confirm they are properly blocked.

📡 Detection & Monitoring

Log Indicators:

Unusual file access patterns
Directory traversal strings in request logs
Access to sensitive system files

Network Indicators:

HTTP requests containing '../' sequences or absolute file paths
Unusual file download patterns

SIEM Query:

source="web_logs" AND (uri="*../*" OR uri="*/etc/*" OR uri="*/home/*" OR uri="*/root/*")

📊 Metadata

CVE ID: CVE-2024-12866

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE: CWE-22

EPSS Score: 0.25% exploit probability (47.6th percentile)

Published: March 20, 2025

Last Updated: August 1, 2025

🔗 References

https://huntr.com/bounties/c23da7c7-a226-40a2-83db-6a8ab1b2ef64 Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-12866, you might also want to check these: