Cyber Resilience

CVE-2024-0549

Severity: High · Public PoC

Published: 16 April 2024
Modified: 09 July 2025
KEV Added: not listed
Patch: none listed
CVSS Score v3: 8.1 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H)
EPSS Score: 0.0025 (48.4th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-0549 is a high-severity Relative Path Traversal (CWE-23) vulnerability in Mintplex Labs' AnythingLLM. Its CVSS base score is 8.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique File Deletion (T1070.004). EPSS ranks it at the 48.4th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

This vulnerability is AI-related: it is categorised under Enterprise AI Assistants, falls in the Data-Related Vulnerabilities risk domain, and maps to the MITRE ATLAS technique External Harms (AML.T0048).


Vulnerability details

mintplex-labs/anything-llm is vulnerable to a relative path traversal attack, allowing unauthorized attackers with a default role account to delete files and folders within the filesystem, including critical database files such as 'anythingllm.db'. The vulnerability stems from insufficient input validation and normalization in the handling of file and folder deletion requests. Successful exploitation results in the compromise of data integrity and availability.

CWE(s)

CWE-23: Relative Path Traversal

AI Security Analysis

AI Category: Enterprise AI Assistants
Risk Domain: Data-Related Vulnerabilities
OWASP Top 10 for LLMs 2025: None mapped
Classification Reason: mintplex-labs/anything-llm is an open-source platform for multi-user LLM applications, enabling document chatting and AI assistant features, fitting the Enterprise AI Assistants category. The vulnerability is a path traversal in its file/folder deletion functionality.

Related Threats

MITRE ATT&CK Enterprise Techniques

T1070.004 File Deletion (Stealth): Adversaries may delete files left behind by the actions of their intrusion activity.
T1485 Data Destruction (Impact): Adversaries may destroy data and files on specific systems or in large numbers on a network to interrupt availability to systems, services, and network resources.
T1561.001 Disk Content Wipe (Impact): Adversaries may erase the contents of storage devices on specific systems or in large numbers in a network to interrupt availability to system and network resources.
Why these techniques?

Relative path traversal allows unauthorized file and folder deletion, including critical databases, enabling indicator removal via file deletion (T1070.004), general file deletion for disruption (T1107), data destruction (T1485), and disk content wipe (T1561.001).

MITRE ATLAS Techniques

AML.T0048: External Harms

Affected Assets

mintplexlabs / anythingllm, versions ≤ 1.0.0

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.
