CVE-2024-8249

7.5 HIGH

📋 TL;DR

This vulnerability allows unauthenticated attackers to crash the Anything-LLM server by sending malformed JSON payloads to the embeddable chat API endpoint. It affects all systems running vulnerable versions of mintplex-labs/anything-llm, potentially causing service disruption and downtime.

💻 Affected Systems

Products:
  • mintplex-labs/anything-llm
Versions: All versions before 1.2.2
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the embeddable chat API endpoint specifically; requires the chat functionality to be enabled.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete service outage with server crashes, requiring manual restart and potentially causing data loss or corruption in active sessions.

🟠 Likely Case

Temporary service disruption and downtime until the server is manually restarted, affecting all users of the chat functionality.

🟢 If Mitigated

Minimal impact with proper input validation and exception handling preventing crashes.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires sending malformed JSON to the vulnerable API endpoint; no authentication needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.2.2

Vendor Advisory: https://github.com/mintplex-labs/anything-llm/commit/548da9ade30368289c5beaf0a8ee2ed2b5c1d81c

Restart Required: Yes

Instructions:

1. Update to version 1.2.2 or later.
2. Restart the Anything-LLM service.
3. Verify the fix by checking the version.

🔧 Temporary Workarounds

Input Validation Filter (platforms: all)

Implement a web application firewall or reverse proxy to filter malformed JSON requests before they reach the API endpoint.

API Endpoint Restriction (platforms: all)

Restrict access to the embeddable chat API endpoint using network ACLs or authentication.

🧯 If You Can't Patch

  • Implement rate limiting on the API endpoint to limit how many malformed requests a single client can send.
  • Deploy monitoring to detect and alert on malformed JSON payloads in logs.

🔍 How to Verify

Check if Vulnerable:

Check if the Anything-LLM version is below 1.2.2 and the embeddable chat API is accessible.

Check Version:

Check the application version in the web interface or configuration files.

Verify Fix Applied:

Confirm the version is 1.2.2 or later and test sending malformed JSON to the API endpoint to ensure it doesn't crash.

📡 Detection & Monitoring

Log Indicators:

  • Uncaught exception logs related to JSON parsing
  • Server crash/restart events
  • High volume of malformed requests to chat API

Network Indicators:

  • Spikes in requests to the embeddable chat API endpoint
  • Malformed JSON payloads in network traffic

SIEM Query:

source="anything-llm" AND (error OR exception OR crash) AND json
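The log indicators above turned into a small detector, as an added example that is not part of this advisory or of the anything-llm project. It assumes a constructed log format of "<ISO timestamp> <client ip or -> <message>", an embeddable chat route containing "/api/embed/", and error strings of the kind Node's JSON.parse and express.json() commonly emit.

```javascript
// Added example, not code from this advisory or from the anything-llm project.
// Assumed log format: "<ISO timestamp> <client ip or -> <message>"; the embeddable
// chat route is assumed to contain "/api/embed/"; error strings mirror what Node's
// JSON.parse and express.json() commonly emit.
const LINE_RE = /^(\S+) (\S+) (.*)$/;
const JSON_PARSE_ERROR = /SyntaxError: Unexpected (token|end of JSON)|entity\.parse\.failed|JSON\.parse/i;
const CRASH_OR_RESTART = /uncaughtException|server (crash|restart)|process exited/i;
const EMBED_CHAT_PATH = /\/api\/embed\//i;
// Map one line onto the advisory's log indicators; returns null for unparsable lines.
function classifyLine(line) {
  const m = LINE_RE.exec(line);
  if (!m) return null;
  const [, ts, ip, msg] = m;
  const t = Date.parse(ts);
  if (Number.isNaN(t)) return null;
  let kind = 'other';
  if (CRASH_OR_RESTART.test(msg)) kind = 'crash_restart'; // checked first: a crash line also quotes the SyntaxError
  else if (JSON_PARSE_ERROR.test(msg)) kind = EMBED_CHAT_PATH.test(msg) ? 'embed_json_error' : 'json_error';
  return { t, ip, kind, msg };
}
// Alert when one client reaches `threshold` embed-chat JSON-parse failures inside a
// sliding `windowMs` window, and when a crash/restart follows such a failure.
function findAlerts(lines, { windowMs = 60_000, threshold = 3 } = {}) {
  const events = lines.map(classifyLine).filter(Boolean).sort((a, b) => a.t - b.t);
  const perIp = new Map();
  const alerts = [];
  let lastEmbedError = null;
  for (const ev of events) {
    if (ev.kind === 'embed_json_error') {
      lastEmbedError = ev;
      const win = perIp.get(ev.ip) ?? [];
      win.push(ev.t);
      while (ev.t - win[0] > windowMs) win.shift(); // drop timestamps that fell out of the window
      perIp.set(ev.ip, win);
      if (win.length === threshold) alerts.push({ type: 'malformed_json_burst', ip: ev.ip, count: win.length }); // fires once, when the threshold is first reached
    } else if (ev.kind === 'crash_restart' && lastEmbedError && ev.t - lastEmbedError.t <= windowMs) {
      alerts.push({ type: 'crash_after_json_error', ip: lastEmbedError.ip, at: ev.t });
    }
  }
  return alerts;
}
// Constructed sample log lines (not real traffic); 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges.
const SAMPLE_LOG = [
  '2024-09-05T12:00:01Z 203.0.113.5 POST /api/embed/abc/stream-chat SyntaxError: Unexpected token < in JSON at position 0',
  '2024-09-05T12:00:02Z 203.0.113.5 POST /api/embed/abc/stream-chat SyntaxError: Unexpected end of JSON input',
  '2024-09-05T12:00:05Z 198.51.100.7 GET /api/system/check ok',
  '2024-09-05T12:00:06Z 203.0.113.5 POST /api/embed/abc/stream-chat SyntaxError: Unexpected token } in JSON at position 12',
  '2024-09-05T12:00:09Z - uncaughtException: SyntaxError: Unexpected token } in JSON at position 12',
];
console.log(findAlerts(SAMPLE_LOG)); // one malformed_json_burst alert for 203.0.113.5, then one crash_after_json_error
```

Run against the sample it reports the burst from 203.0.113.5 and the crash that followed it; tune `windowMs` and `threshold` to the normal error rate of your deployment before wiring it to alerting.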
