CVE-2024-8248

7.2 HIGH

📋 TL;DR

A path traversal vulnerability in the normalizePath function of mintplex-labs/anything-llm allows attackers to read and write arbitrary files within the storage directory. This can lead to privilege escalation from manager to admin roles. Users running versions before 1.2.2 are affected.

💻 Affected Systems

Products:
  • mintplex-labs/anything-llm
Versions: All versions before 1.2.2
Operating Systems: All platforms running anything-llm
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the normalizePath function and affects all default installations.


⚠️ Risk & Real-World Impact

🔴 Worst Case: Full system compromise through arbitrary file write leading to remote code execution, data exfiltration, and complete administrative control.

🟠 Likely Case: Unauthorized file access and modification within the storage directory, potentially exposing sensitive data and enabling privilege escalation.

🟢 If Mitigated: Limited impact if proper file permissions and network segmentation are implemented, restricting access to critical system files.

🌐 Internet-Facing: HIGH - If the application is exposed to the internet, attackers can exploit this vulnerability remotely.
🏢 Internal Only: MEDIUM - Internal attackers with manager access could exploit this to gain admin privileges.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires manager-level access to exploit. The vulnerability is in path normalization logic that can be bypassed with crafted inputs.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.2.2

Vendor Advisory: https://github.com/mintplex-labs/anything-llm/commit/47a5c7126c20e2277ee56e2c7ee11990886a40a7

Restart Required: No

Instructions:

1. Update to version 1.2.2 or later.
2. Pull the latest code from the repository.
3. Restart the application if it's running as a service.

🔧 Temporary Workarounds

Restrict file permissions (all platforms)

Set strict file permissions on the storage directory to prevent unauthorized access. The account the application runs as must keep write access to the storage directory, so adjust the owner and group in the commands below to match your deployment.

chmod 750 /path/to/storage
chown root:www-data /path/to/storage

Network segmentation (all platforms)

Isolate the anything-llm instance from critical systems and restrict network access.

🧯 If You Can't Patch

  • Implement strict access controls and monitor for suspicious file operations
  • Deploy web application firewall rules to detect and block path traversal attempts

🔍 How to Verify

Check if Vulnerable:

Check if your anything-llm version is below 1.2.2 by examining the version file or package.json.

Check Version:

grep version package.json || cat VERSION

Verify Fix Applied:

Verify that the version is 1.2.2 or higher and confirm that path traversal attempts against the storage directory are rejected.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file access patterns in storage directory
  • Failed path normalization attempts
  • Multiple ../ sequences in file paths

Network Indicators:

  • HTTP requests containing path traversal sequences like ../..

SIEM Query:

source="web_logs" AND (uri="*../*" OR uri="*..%2f*")
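To show the SIEM query above as concrete detection logic, here is an added example that scans web access log lines for the same indicators; it is not part of the original advisory or of the anything-llm project. The log lines are constructed samples in combined log format, the client addresses are made up, and the function names `hasTraversal`, `extractUri` and `detectTraversal` are this example's own.

```javascript
// Constructed sample access log lines (not real traffic) in combined log format.
const SAMPLE_LOG = [
  '10.0.0.5 - - [01/Oct/2024:10:00:01 +0000] "GET /api/v1/documents/report.txt HTTP/1.1" 200 512',
  '10.0.0.9 - - [01/Oct/2024:10:00:02 +0000] "GET /api/v1/documents/../../.env HTTP/1.1" 403 0',
  '10.0.0.9 - - [01/Oct/2024:10:00:03 +0000] "GET /api/v1/documents/..%2F..%2Fconfig.json HTTP/1.1" 403 0',
  '10.0.0.7 - - [01/Oct/2024:10:00:04 +0000] "POST /api/v1/upload HTTP/1.1" 200 33',
  '10.0.0.9 - - [01/Oct/2024:10:00:05 +0000] "GET /api/v1/documents/%2e%2e/%2e%2e/secrets HTTP/1.1" 403 0',
];

// True when a request URI contains a parent-directory traversal sequence, checked
// both as written (covers the "../" and "..%2f" indicators from the SIEM query,
// case-insensitively) and after one round of percent-decoding (covers "%2e%2e/").
function hasTraversal(uri) {
  const raw = uri.toLowerCase();
  if (raw.includes("../") || raw.includes("..%2f") || raw.includes("..\\")) return true;
  try {
    const decoded = decodeURIComponent(uri).toLowerCase();
    return decoded.includes("../") || decoded.includes("..\\");
  } catch {
    return false; // malformed encoding: nothing more to decode
  }
}

// Pull the request URI out of a combined-log line; null if the line does not match.
function extractUri(line) {
  const m = line.match(/"(?:GET|POST|PUT|DELETE|PATCH|HEAD|OPTIONS) (\S+) HTTP\/[\d.]+"/);
  return m ? m[1] : null;
}

// Scan log lines and return the flagged lines plus a per-client hit count, which
// is the view an analyst wants when deciding whether a source is probing.
function detectTraversal(lines) {
  const flagged = [];
  const bySource = {};
  for (const line of lines) {
    const uri = extractUri(line);
    if (uri && hasTraversal(uri)) {
      flagged.push(line);
      const ip = line.split(" ")[0];
      bySource[ip] = (bySource[ip] || 0) + 1;
    }
  }
  return { flagged, bySource };
}

module.exports = { SAMPLE_LOG, hasTraversal, extractUri, detectTraversal };
```

Lowercasing and decoding before matching matter in practice: a query written only for `..%2f` misses `..%2F`, and neither form matches `%2e%2e/`, so a detection that inspects the decoded URI catches variants the literal wildcard query does not.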
