Unauthenticated Denial of Service Vulnerability in Anything-LLM by Mintplex Labs
CVE-2024-8249

7.5HIGH

Key Information:

Vendor: Mintplex-labs
Status: Mintplex-labs/anything-llm
Vendor: CVE Published:; 20 March 2025

🔔 Create Mintplex-labs Vulnerability Alert

What is CVE-2024-8249?

The Anything-LLM product by Mintplex Labs is vulnerable to an unauthenticated Denial of Service issue within its embeddable chat API. An attacker can exploit this vulnerability by submitting a specially crafted malformed JSON payload to the API endpoint. This action triggers an uncaught exception, potentially leading to a server crash. It is essential for users of Anything-LLM to upgrade to version 1.2.2 or later to mitigate this risk. For more information, refer to the commit and the bounty details.

Affected Version(s)

mintplex-labs/anything-llm < 1.2.2

References

https://huntr.com/bounties/2fb0c93f-5bc1-4212-bdca-292db7...

https://github.com/mintplex-labs/anything-llm/commit/548d...

CVSS V3.0

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 20, 2025
Vulnerability Reserved
Aug 27, 2024