Apr 17, 2025

CVE-2024-13059: Exploiting Path Traversal in AnythingLLM for Remote Code Execution

Discover CVE-2024-13059, a critical vulnerability flaw that affects AnythingLLM’s handling of non-ASCII filenames in the multer library.


CVE Overview

In February 2025, a critical vulnerability identified as CVE-2024-13059 was disclosed in AnythingLLM, an open-source framework for building self-hosted AI assistants. This flaw affects versions prior to 1.3.1 and arises from improper handling of non-ASCII filenames in the multer library, leading to a path traversal vulnerability. Attackers with manager or admin roles can exploit this to write files to arbitrary locations on the server, potentially resulting in remote code execution.

  • CVE ID: CVE-2024-13059
  • Severity: Critical
  • CVSS Score: 9.1
  • EPSS Score: 0.04%
  • Published: February 10, 2025
  • Affected Versions: AnythingLLM < 1.3.1
  • Patched Version: 1.3.1

Vulnerability Breakdown

The vulnerability stems from how AnythingLLM handles file uploads using the multer middleware. When processing uploaded files with non-ASCII filenames, the application fails to properly sanitize the filenames. This oversight allows attackers to include directory traversal sequences like “../” in the filenames. As a result, files can be written to arbitrary locations on the server’s filesystem.

For instance, an attacker could upload a file with a name like “../../malicious.sh”, which would be saved outside the intended directory. By placing a malicious script in a location that’s executed by the system (e.g., startup scripts), the attacker can achieve remote code execution.

Exploitation

Prerequisites

  • Access to an AnythingLLM instance running a vulnerable version (< 1.3.1).
  • Manager or admin privileges within the application.

Attack Vector

  1. Craft a file with a non-ASCII filename that includes directory traversal sequences (e.g., ../../malicious.sh).
  2. Upload the file through the application’s interface.
  3. The application, due to improper sanitization, writes the file to the specified arbitrary location.
  4. If the file is placed in a directory that’s executed by the system (e.g., cron jobs, startup scripts), it can lead to remote code execution.

Detection

Log Analysis

  • Review upload logs for filenames containing suspicious patterns like ../.
  • Monitor for unexpected file creations or modifications in sensitive directories.

Behavior-Based Detection

  • Set up file integrity monitoring to detect unauthorized changes.
  • Implement intrusion detection systems to alert on unusual file access patterns.
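As an added illustration of the log review described under Detection (this is example code, not code from the original post or from the AnythingLLM project), the following Node.js script scans constructed upload-log lines for filenames that would traverse out of the upload directory. It goes slightly beyond the literal ../ pattern by also checking the percent-decoded and the latin1-to-UTF-8-decoded view of each name, because those are the forms in which a non-ASCII filename typically passes through multer before it reaches the filesystem. The log format, field names and sample entries are assumptions made for this example.

```javascript
// Added example, not AnythingLLM code: flag upload-log entries whose filename
// would escape the upload directory. Log format and entries are constructed.
const SAMPLE_LOG = [
  '2025-02-10T10:01:02Z msg="file upload" user=alice role=manager filename="report.pdf"',
  '2025-02-10T10:05:44Z msg="file upload" user=bob role=admin filename="../../malicious.sh"',
  '2025-02-10T10:06:10Z msg="file upload" user=bob role=admin filename="%2e%2e%2fnotes.txt"',
  '2025-02-10T10:07:30Z msg="file upload" user=carol role=manager filename="r\u00e9sum\u00e9.docx"',
  '2025-02-10T10:09:51Z msg="file upload" user=bob role=admin filename="donn\u00e9es/../../malicious.sh"',
];

// Views of a filename that a server might act on after decoding. Applications often
// re-decode multer's originalname from latin1 to UTF-8, so that view is checked as well.
function decodeCandidates(name) {
  const views = new Set([name]);
  try {
    views.add(decodeURIComponent(name));
  } catch (_) {
    // malformed percent-escape: the raw form is still checked
  }
  views.add(Buffer.from(name, 'latin1').toString('utf8'));
  return [...views];
}

// Returns a reason string if the filename is unsafe as a single path component, else null.
function traversalReason(name) {
  for (const view of decodeCandidates(name)) {
    if (view.includes('\0')) return 'null byte in filename';
    if (/^(?:[\\/]|[A-Za-z]:[\\/])/.test(view)) return 'absolute path';
    const segments = view.split(/[\\/]/);
    if (segments.includes('..')) return 'directory traversal segment ".."';
    if (segments.length > 1) return 'path separator in filename';
  }
  return null;
}

// Scan log lines; returns one finding per suspicious upload with its 1-based line number.
function scanUploadLog(lines) {
  const findings = [];
  const filenameField = /filename="([^"]*)"/;
  lines.forEach((line, idx) => {
    const m = filenameField.exec(line);
    if (!m) return;
    const reason = traversalReason(m[1]);
    if (reason) findings.push({ line: idx + 1, filename: m[1], reason });
  });
  return findings;
}

for (const f of scanUploadLog(SAMPLE_LOG)) {
  console.log(`line ${f.line}: ${f.reason}: ${JSON.stringify(f.filename)}`);
}
```

Run with node against the sample: lines 2, 3 and 5 are reported, while the benign non-ASCII name on line 4 is not, which is the distinction that matters when tuning this kind of rule for a deployment that legitimately receives non-English filenames.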

Mitigation

Official Patch

Upgrade to AnythingLLM version 1.3.1 or later. This update addresses the vulnerability by properly sanitizing filenames during file uploads.

Temporary Workarounds

  • Restrict file upload functionalities to trusted users.
  • Implement additional validation checks on uploaded filenames to prevent directory traversal sequences.
  • Isolate the application environment to limit the impact of potential exploits.
