Is CVE-2024-3025 actively exploited?

CVE-2024-3025 has no public evidence of in-the-wild exploitation as of 2025-07-09.

What is the CVSS score for CVE-2024-3025?

CVE-2024-3025 has a CVSS score of 9.9 (CRITICAL severity). Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H.

How do I patch CVE-2024-3025?

Patch guidance is available from mintplexlabs security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2024-3025.

Which products are affected by CVE-2024-3025?

1 product: mintplexlabs anythingllm.

Fix CVE-2024-3025 - CRITICAL mintplexlabs anythingllm

Description

mintplex-labs/anything-llm is vulnerable to path traversal attacks due to insufficient validation of user-supplied input in the logo filename functionality. Attackers can exploit this vulnerability by manipulating the logo filename to reference files outside of the restricted directory. This can lead to unauthorized reading or deletion of files by utilizing the `/api/system/upload-logo` and `/api/system/logo` endpoints. The issue stems from the lack of filtering or validation on the logo filename, allowing attackers to target sensitive files such as the application's database.

CVSS Metrics

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Attack Vector: network
Complexity: low
Privileges: low
User Action: none
Scope: changed
Confidentiality: high
Integrity: high
Availability: high
Weaknesses: CWE-23

Metadata

Primary Vendor: MINTPLEXLABS
Published: 4/10/2024
Last Modified: 7/9/2025
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

mintplexlabs : anythingllm

Remediation Guidance

Executive Summary

Cite this page

CVE-2024-3025. CVEDatabase.com. Retrieved 1 May 2026. https://cvedatabase.com/cve/CVE-2024-3025

View on NIST NVD

CVE-2024-3025 vulnerability