Platform
nodejs
Component
anything-llm
Fixed in
1.5.12
1.6.6
CVE-2024-8196 is a critical vulnerability affecting versions of Anything LLM (≤1.6.5) for Windows. By default, the application binds its backend server to port 3001 on 0.0.0.0 (all network interfaces) without requiring authentication. This lack of access control allows an attacker to gain complete backend access, potentially leading to severe data compromise.
The primary impact of CVE-2024-8196 is that an attacker can gain full backend access to the Anything LLM application. Because the server port is open without authentication, anyone who can reach the host on the network (or from the internet, depending on the network configuration) can connect to the backend and perform any operation it offers. This includes deleting all data from the workspace, effectively rendering the application unusable and potentially causing significant data loss. The blast radius extends to every system running an affected version of Anything LLM that is reachable by a malicious actor. The issue is of the same class as other exposed backend services lacking authentication, where attackers need nothing more than ordinary network tools to gain control.
CVE-2024-8196 was publicly disclosed on 2025-03-20. The vulnerability's simplicity and the potential for significant data loss suggest a medium probability of exploitation. No public proof-of-concept code has been released as of this writing, but the ease of exploitation makes it likely that such code will emerge. It is not currently listed in the CISA KEV catalog.
Users of Anything LLM running on Windows, particularly those with network configurations that allow external access to their local machines, are at significant risk. Shared hosting environments or deployments where the application is exposed to the internet are especially vulnerable.
• nodejs / server (Linux, macOS):
netstat -an | grep 3001
• windows / PowerShell:
Get-NetTCPConnection -LocalPort 3001 -State Listen
• generic web:
curl -i http://localhost:3001/ # a 2xx response with no credentials confirms the unauthenticated listener
Disclosure
Exploit status
EPSS
0.20% (42nd percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2024-8196 is to upgrade immediately to a fixed release: 1.6.6 on the 1.6 branch, or 1.5.12 on the 1.5 branch (the versions listed as fixed above); note that 1.6.5 is still affected. If upgrading is not immediately feasible because of compatibility issues or breaking changes, reduce exposure in the meantime: bind the backend listener to the loopback address (127.0.0.1) instead of 0.0.0.0 where the deployment's configuration allows it, or stop the server component altogether, and add host firewall rules that block inbound connections to TCP port 3001 from anything other than trusted addresses. After upgrading, confirm the fix by connecting to port 3001 from a separate machine and verifying that the backend no longer answers without authentication; a listener that is still reachable and still responds without credentials means the mitigation is incomplete.
Update Anything LLM to version 1.6.6 or later (or 1.5.12 on the 1.5 branch). These versions fix the missing authentication on port 3001 and so prevent unauthorized access to the backend. The update can be performed by downloading the new version from the official website or by using the corresponding package manager.
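To make the verification step concrete, here is an added example script (not code from the Anything LLM project or from this page) that automates the two checks this advisory describes: it parses `netstat -an` output for listeners on port 3001 bound to anything other than loopback, and then sends an unauthenticated GET to the root URL, the same request as the curl check above. The port number and the 0.0.0.0 binding come from this advisory; the sample netstat lines are constructed, and the mapping of a 401/403 answer to "authentication required" is an assumption, since the page does not say what a fixed install returns.

```python
"""Exposure check for the Anything LLM backend listener on TCP port 3001.

Added example, not code from the Anything LLM project. It assumes the page's
description: an affected install listens on 0.0.0.0:3001 and answers HTTP
requests on the root URL without credentials. Treating a 401/403 answer as
"authentication enforced" is an assumption, not something the page states.
"""
import re
import subprocess
import sys
import urllib.error
import urllib.request

PORT = 3001

# Bindings that are reachable only from the same host.
LOOPBACK = {"127.0.0.1", "::1", "[::1]"}

# One LISTEN line as printed by `netstat -an` on Windows
# ("TCP  0.0.0.0:3001  0.0.0.0:0  LISTENING") or on Linux
# ("tcp  0  0 0.0.0.0:3001  0.0.0.0:*  LISTEN").
LISTEN_RE = re.compile(
    r"^\s*tcp6?\s+(?:\d+\s+\d+\s+)?(\S+):(\d+)\s+\S+\s+LISTEN(?:ING)?\s*$",
    re.IGNORECASE,
)

# Constructed sample output (not captured from a real machine).
SAMPLE_WINDOWS_NETSTAT = """
  TCP    0.0.0.0:3001           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    192.168.1.20:3001      192.168.1.7:52144      ESTABLISHED
  TCP    [::]:3001              [::]:0                 LISTENING
"""
SAMPLE_LOOPBACK_NETSTAT = """
  TCP    127.0.0.1:3001         0.0.0.0:0              LISTENING
  TCP    [::1]:3001             [::]:0                 LISTENING
"""
SAMPLE_LINUX_NETSTAT = """
tcp        0      0 0.0.0.0:3001            0.0.0.0:*               LISTEN
tcp6       0      0 :::3001                 :::*                    LISTEN
"""


def exposed_listeners(netstat_output: str, port: int = PORT) -> list:
    """Return the non-loopback local addresses on which `port` is in LISTEN state."""
    exposed = []
    for line in netstat_output.splitlines():
        m = LISTEN_RE.match(line)
        if not m:
            continue
        addr, local_port = m.group(1), int(m.group(2))
        if local_port == port and addr not in LOOPBACK:
            exposed.append(addr)
    return exposed


def probe(host: str = "127.0.0.1", port: int = PORT, timeout: float = 3.0):
    """GET the root URL with no credentials; return the HTTP status, or None if unreachable."""
    url = f"http://{host}:{port}/"
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as e:
        return e.code  # the server answered, but with an error status
    except OSError:  # connection refused, timeout, name resolution failure
        return None


def classify(status) -> str:
    """Map a probe result onto the advisory's 'answers without authentication' criterion."""
    if status is None:
        return "unreachable"
    if status in (401, 403):
        return "auth-required"  # assumed meaning of a 401/403 on the root URL
    if 200 <= status < 400:
        return "open"  # the backend answered an unauthenticated request
    return "unknown"


def main(argv) -> int:
    host = argv[1] if len(argv) > 1 else "127.0.0.1"
    try:
        out = subprocess.run(["netstat", "-an"], capture_output=True, text=True, check=False).stdout
    except FileNotFoundError:
        out = ""
        print("netstat not available; skipping listener check")
    exposed = exposed_listeners(out)
    if exposed:
        print(f"port {PORT} is bound to non-loopback address(es): {', '.join(exposed)}")
    verdict = classify(probe(host))
    print(f"unauthenticated GET http://{host}:{PORT}/ -> {verdict}")
    # Exit 1 only when the listener is network-exposed AND answers without credentials.
    return 1 if (exposed and verdict == "open") else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it on the host itself (`python check_3001.py`) to inspect the binding, and again from a separate machine with the host's address as the argument (`python check_3001.py 192.168.1.20`) to reproduce the post-upgrade verification from the other side of the network; a non-zero exit means the listener is still both exposed and unauthenticated.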
CVE-2024-8196 is a critical vulnerability in Anything LLM (≤1.6.5) where the application exposes a backend server port (3001) without authentication, allowing attackers to gain full backend access.
Yes, if you are using Anything LLM version 1.6.5 or earlier on Windows, you are potentially affected by this vulnerability.
Upgrade to version 1.6.6 or later (or 1.5.12 on the 1.5 branch). If an immediate upgrade is not possible, temporarily disable the server component or implement firewall rules to block access to port 3001.
While no active exploitation has been confirmed, the vulnerability's simplicity suggests a potential for exploitation.
Refer to the mintplex-labs/anything-llm project repository and related channels for official advisories and updates.