Platform
nodejs
Component
anything-llm
Fixed in
1.5.12
1.6.6
CVE-2024-8196 is a critical vulnerability affecting versions of Anything LLM (≤1.6.5) for Windows. The application, by default, opens a server port (3001) on 0.0.0.0 without authentication. This lack of security controls allows an attacker to gain complete backend access, potentially leading to severe data compromise.
The primary impact of CVE-2024-8196 is the ability for an attacker to gain full backend access to the Anything LLM application. Because the server port is open without authentication, anyone on the network (or potentially the internet, depending on network configuration) can connect and execute commands. This includes the ability to delete all data from the workspace, effectively rendering the application unusable and potentially causing significant data loss. The blast radius extends to any system running an affected version of Anything LLM that is accessible to a malicious actor. This vulnerability shares similarities with other exposed backend services lacking authentication, where attackers can leverage simple network tools to gain control.
CVE-2024-8196 was publicly disclosed on 2025-03-20. The vulnerability's simplicity and the potential for significant data loss suggest a medium probability of exploitation. No public proof-of-concept code has been released as of this writing, but the ease of exploitation makes it likely that such code will emerge. It is not currently listed on the CISA KEV catalog.
Users of Anything LLM running on Windows, particularly those with network configurations that allow external access to their local machines, are at significant risk. Shared hosting environments or deployments where the application is exposed to the internet are especially vulnerable.
• nodejs / server:
  netstat -an | grep 3001
• windows / supply-chain:
  Get-NetTCPConnection -LocalPort 3001
• generic web:
  curl http://localhost:3001/ # Check for response without authentication
Exploit Status
EPSS
0.20% (percentile 42%)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2024-8196 is to immediately upgrade to version 1.6.5 or later. If upgrading is not immediately feasible due to compatibility issues or breaking changes, consider temporarily disabling the server functionality by modifying the application's configuration files to prevent it from opening port 3001. Network-based mitigations, such as firewall rules blocking access to port 3001 from external sources, can also reduce the attack surface. After upgrading, confirm the vulnerability is resolved by attempting to connect to port 3001 from a separate machine and verifying that authentication is required.
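The netstat and curl checks above and the post-upgrade verification step, as an added Python example (not the advisory's or the project's code): it parses constructed `netstat -an` output for a wildcard listener on port 3001 and can send one anonymous GET to a host you supply; the probed path `/` follows the curl check, and the 401/403 rule is an assumption about how the fixed version should answer.

```python
"""Constructed verification helper for the checks above (not the project's code):
parses `netstat -an` output (Windows or Linux) for port 3001 listening on a
wildcard address, and optionally sends one anonymous GET to report whether the
server demanded credentials. Only probe() touches the network."""
import http.client
import re

# Local-address column of Windows ("0.0.0.0:3001 ... LISTENING") and Linux
# ("tcp 0 0 0.0.0.0:3001 ... LISTEN") netstat lines, IPv6 forms included.
LISTEN_RE = re.compile(
    r"^\s*tcp6?\s+(?:\d+\s+\d+\s+)?(?P<addr>\S+):(?P<port>\d+)\s+\S+\s+LISTEN(?:ING)?\b",
    re.IGNORECASE)
WILDCARDS = {"0.0.0.0", "[::]", "::", "*"}  # "every interface" binds

def exposed_listeners(netstat_output: str, port: int = 3001) -> list[str]:
    """Wildcard addresses on which `port` listens; empty means not exposed."""
    hits = []
    for line in netstat_output.splitlines():
        m = LISTEN_RE.match(line)
        if m and int(m.group("port")) == port and m.group("addr") in WILDCARDS:
            hits.append(m.group("addr"))
    return hits

def classify_status(status: int) -> str:
    # 401/403 = credentials demanded; any other answer to an anonymous request is
    # the CVE-2024-8196 condition (a 200 from a static page is only indicative).
    return "auth-required" if status in (401, 403) else "open"

def probe(host: str, port: int = 3001, path: str = "/", timeout: float = 5.0) -> str:
    """One anonymous GET from a separate machine; path "/" follows the curl check."""
    try:
        conn = http.client.HTTPConnection(host, port, timeout=timeout)
        conn.request("GET", path)
        status = conn.getresponse().status
        conn.close()
    except (OSError, http.client.HTTPException):
        return "unreachable"
    return classify_status(status)

# Constructed `netstat -an` output: 3001 bound to every interface (v4 and v6)
# plus an unrelated loopback-only listener that must not be flagged.
SAMPLE_NETSTAT = (
    "  TCP    0.0.0.0:3001           0.0.0.0:0              LISTENING\n"
    "  TCP    [::]:3001              [::]:0                 LISTENING\n"
    "  TCP    127.0.0.1:5432         0.0.0.0:0              LISTENING\n")

if __name__ == "__main__":
    print("port 3001 exposed on:", exposed_listeners(SAMPLE_NETSTAT) or "nothing")
```

Run the netstat half on the affected host itself; run `probe()` from a different machine, since a loopback-only bind is exactly the state you want to confirm.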
Update Anything LLM to version 1.6.5 or later. This version fixes the missing authentication on port 3001, preventing unauthorized access to the backend. The update can be performed by downloading the new version from the official website or by using the corresponding package manager.
CVE-2024-8196 is a critical vulnerability in Anything LLM (≤1.6.5) where the application exposes a backend server port (3001) without authentication, allowing attackers to gain full backend access.
Yes, if you are using Anything LLM version 1.6.5 or earlier on Windows, you are potentially affected by this vulnerability.
Upgrade to version 1.6.5 or later. If immediate upgrade is not possible, temporarily disable the server functionality or implement firewall rules to block access to port 3001.
While no active exploitation has been confirmed, the vulnerability's simplicity suggests a potential for exploitation.
Refer to the mintplex-labs/anything-llm project repository and related channels for official advisories and updates.