CVE-2024-13059

Severity: High · Public PoC available

Published: 10 February 2025

Modified: 09 July 2025
KEV Added: none listed
Patch: none listed
CVSS v3 score: 7.2 (vector CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
EPSS score: 0.6923 (98.7th percentile)
Risk priority: 56 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-13059 is a high-severity Path Traversal: '\..\filename' (CWE-29) vulnerability in Mintplexlabs Anythingllm. Its CVSS base score is 7.2 (High).

Operationally, exploitation maps to the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 1.3% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

This vulnerability is AI-related — categorised as LLM Application Platforms; in the Supply Chain and Deployment risk domain.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2024-13059 is a path traversal vulnerability in mintplex-labs/anything-llm versions prior to 1.3.1. It stems from improper handling of non-ASCII filenames by the multer library, where filename transformations can introduce unsanitized '../' sequences. The flaw is tracked under CWE-29 and CWE-22 and carries a CVSS 3.0 score of 7.2.

Attackers holding manager or admin roles can supply crafted filenames during file uploads to write arbitrary files to any location on the server filesystem, enabling remote code execution.

The referenced commit 0b7bf68f2c02ca68075970fbf85d5a70ca5e94ca and the associated huntr report document the fix that was released in version 1.3.1. The EPSS score has remained at 0.6923 with no material increase since disclosure.

Vulnerability details

A vulnerability in mintplex-labs/anything-llm prior to version 1.3.1 allows for path traversal due to improper handling of non-ASCII filenames in the multer library. This vulnerability can lead to arbitrary file write, which can subsequently result in remote code execution. The issue arises when the filename transformation introduces '../' sequences, which are not sanitized by multer, allowing attackers with manager or admin roles to write files to arbitrary locations on the server.

CWE(s): CWE-29 (Path Traversal: '\..\filename') and CWE-22 (Path Traversal)

AI Security Analysis

AI Category: LLM Application Platforms
Risk Domain: Supply Chain and Deployment
OWASP Top 10 for LLMs 2025: none mapped
Classification Reason: matched keywords: llm

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Path traversal vulnerability enables arbitrary file write leading to RCE in a public-facing web application, directly facilitating exploitation of public-facing applications.

CVEs Like This One

CVE-2024-6842 (same product: Mintplexlabs Anythingllm)
CVE-2026-24478 (same product: Mintplexlabs Anythingllm)
CVE-2026-32628 (same product: Mintplexlabs Anythingllm)
CVE-2026-5627 (same product: Mintplexlabs Anythingllm)
CVE-2026-24477 (same product: Mintplexlabs Anythingllm)
CVE-2026-48116 (same product: Mintplexlabs Anythingllm)
CVE-2026-32617 (same product: Mintplexlabs Anythingllm)
CVE-2026-32626 (same product: Mintplexlabs Anythingllm)
CVE-2026-41691 (shared CWE-22)
CVE-2025-64075 (shared CWE-22)

Affected Assets

Vendor: mintplexlabs
Product: anythingllm
Versions: ≤ 1.3.1

Mitigating Controls

Mitigating Controls (NIST 800-53 r5)

SI-10 (prevent): requires validation of incoming filenames to block path traversal sequences introduced by non-ASCII transformations in the multer library.

SI-2 (prevent): ensures timely remediation of the path traversal flaw by applying vendor patches such as upgrading to Anything-LLM version 1.3.1.

SI-9 (prevent): restricts file upload inputs to safe filename patterns, rejecting those with potential traversal characters like '../'.
