FKIE_CVE-2024-3025

Vulnerability from fkie_nvd - Published: 2024-04-10 17:15 - Updated: 2025-07-09 19:50
Severity ?
9.9 (Critical) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Summary
mintplex-labs/anything-llm is vulnerable to path traversal attacks due to insufficient validation of user-supplied input in the logo filename functionality. Attackers can exploit this vulnerability by manipulating the logo filename to reference files outside of the restricted directory. This can lead to unauthorized reading or deletion of files by utilizing the `/api/system/upload-logo` and `/api/system/logo` endpoints. The issue stems from the lack of filtering or validation on the logo filename, allowing attackers to target sensitive files such as the application's database.
References
security@huntr.devhttps://github.com/mintplex-labs/anything-llm/commit/7de23dbb2da932fbfb39f56d981784d3702cf5cePatch
security@huntr.devhttps://huntr.com/bounties/fb09a352-1016-4481-ae88-7460e2b6062bExploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/mintplex-labs/anything-llm/commit/7de23dbb2da932fbfb39f56d981784d3702cf5cePatch
af854a3a-2127-422b-91ae-364da2661108https://huntr.com/bounties/fb09a352-1016-4481-ae88-7460e2b6062bExploit, Third Party Advisory
Impacted products
Vendor Product Version
mintplexlabs anythingllm *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mintplexlabs:anythingllm:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D667E32-5A5C-479C-BB81-47F3BCA38C13",
              "versionEndExcluding": "1.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "mintplex-labs/anything-llm is vulnerable to path traversal attacks due to insufficient validation of user-supplied input in the logo filename functionality. Attackers can exploit this vulnerability by manipulating the logo filename to reference files outside of the restricted directory. This can lead to unauthorized reading or deletion of files by utilizing the `/api/system/upload-logo` and `/api/system/logo` endpoints. The issue stems from the lack of filtering or validation on the logo filename, allowing attackers to target sensitive files such as the application\u0027s database."
    },
    {
      "lang": "es",
      "value": "mintplex-labs/anything-llm es vulnerable a ataques de path traversal debido a la validaci\u00f3n insuficiente de la entrada proporcionada por el usuario en la funcionalidad del nombre de archivo del logotipo. Los atacantes pueden aprovechar esta vulnerabilidad manipulando el nombre de archivo del logotipo para hacer referencia a archivos fuera del directorio restringido. Esto puede provocar la lectura o eliminaci\u00f3n no autorizada de archivos mediante el uso de los endpoints `/api/system/upload-logo` y `/api/system/logo`. El problema surge de la falta de filtrado o validaci\u00f3n en el nombre de archivo del logotipo, lo que permite a los atacantes apuntar a archivos confidenciales como la base de datos de la aplicaci\u00f3n."
    }
  ],
  "id": "CVE-2024-3025",
  "lastModified": "2025-07-09T19:50:01.460",
  "metrics": {
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.9,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.1,
        "impactScore": 6.0,
        "source": "security@huntr.dev",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-04-10T17:15:55.993",
  "references": [
    {
      "source": "security@huntr.dev",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/mintplex-labs/anything-llm/commit/7de23dbb2da932fbfb39f56d981784d3702cf5ce"
    },
    {
      "source": "security@huntr.dev",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://huntr.com/bounties/fb09a352-1016-4481-ae88-7460e2b6062b"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/mintplex-labs/anything-llm/commit/7de23dbb2da932fbfb39f56d981784d3702cf5ce"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://huntr.com/bounties/fb09a352-1016-4481-ae88-7460e2b6062b"
    }
  ],
  "sourceIdentifier": "security@huntr.dev",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-23"
        }
      ],
      "source": "security@huntr.dev",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.