CVE-2024-10109 in anything-llm
Summary
by MITRE • 03/20/2025
A vulnerability in the mintplex-labs/anything-llm repository, as of commit 5c40419, allows low privilege users to access the sensitive API endpoint "/api/system/custom-models". This access enables them to modify the model's API key and base path, leading to potential API key leakage and denial of service on chats.
Analysis
by VulDB Data Team • 07/12/2025
The vulnerability identified as CVE-2024-10109 is a critical authorization flaw in the mintplex-labs/anything-llm repository that undermines the security posture of the application. It manifests as an insufficient access control mechanism that permits users with minimal privileges to reach sensitive system endpoints. The specific endpoint "/api/system/custom-models" is the attack vector: low-privilege users can manipulate critical configuration parameters that govern how the application interacts with external AI services. The vulnerability is present as of the repository's commit 5c40419, indicating that this authorization bypass has been in the codebase for some time, potentially exposing systems to prolonged risk.
Exploitation stems from a lack of proper authentication and authorization checks in the endpoint implementation. Users who reach "/api/system/custom-models" can modify the API key and base path parameters that control how the system communicates with external model providers. This flaw directly violates the principle of least privilege and demonstrates poor input validation practices. An attacker can replace legitimate API keys with their own credentials, potentially consuming services from the compromised account or redirecting traffic to malicious endpoints. By modifying the base path parameter, an attacker can also cause the system to fail when establishing connections with legitimate services, resulting in denial of service conditions that disrupt chat functionality for legitimate users.
The operational impact extends beyond simple data exposure to broader service availability and integrity concerns. When low-privilege users can modify API keys, they gain the ability to leak sensitive credentials that may have been configured for high-value services such as cloud computing platforms, database services, or specialized AI model providers. This credential leakage could result in unauthorized usage charges, data breaches, or compromise of other systems that rely on these API keys. The denial of service aspect creates a more immediate operational disruption: chat functionality becomes unavailable when the system cannot connect to external services because the endpoint configuration has been manipulated. This impacts user experience and can affect business continuity for organizations that rely on the application for customer support or automated interactions.
Mitigation of CVE-2024-10109 should focus on robust access control mechanisms and input validation procedures. Organizations should immediately enforce proper authentication checks on the "/api/system/custom-models" endpoint, ensuring that only administrators or users with appropriate privileges can modify system configuration parameters. Role-based access control (RBAC) should be enforced to prevent unauthorized access to sensitive system endpoints. Input validation and sanitization should be strengthened to prevent malicious parameter manipulation, and logging and monitoring should be implemented to detect unauthorized access attempts. This vulnerability aligns with CWE-285 (Improper Authorization), and it can be categorized under ATT&CK technique T1078 (Valid Accounts) and T1499 (Endpoint Denial of Service). Regular security audits and code reviews should be conducted to identify similar authorization flaws in the application's API endpoints, and automated security scanning tools should be employed to detect such issues before they can be exploited in production environments.
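As an added illustration (not anything-llm's own code), the following Node.js sketch shows the kind of server-side check the mitigation above describes: a request to the sensitive custom-models endpoint reaches the configuration handler only from an admin role, every other caller is refused before any setting changes, and each refusal is recorded for monitoring. The roles, the in-memory settings store and the request/response shape are assumptions made for this example, and a tiny router stands in for the web framework so it runs offline.

```javascript
// Added example (not anything-llm's own code): the role check the mitigation
// calls for. Roles, settings store and request/response shape are assumed.
const SENSITIVE_PATH = "/api/system/custom-models";

// Constructed in-memory copy of the provider settings this endpoint edits.
const settings = { apiKey: "sk-PLACEHOLDER", basePath: "https://provider.example.invalid" };
// Audit trail of refused requests, for detection and monitoring.
const deniedAttempts = [];

// Authorization middleware: only a session with the required role reaches
// handlers that change system configuration (CWE-285 mitigation).
function requireRole(role) {
  return function (req, res, next) {
    const actual = req.user && req.user.role;
    if (actual !== role) {
      deniedAttempts.push({ path: req.path, user: req.user ? req.user.id : null, role: actual });
      res.status(403).json({ error: "insufficient privileges" });
      return;
    }
    next();
  };
}

// Handler that updates provider credentials; it only runs after the middleware
// has called next(). Basic validation rejects non-https base paths.
function updateCustomModels(req, res) {
  const { apiKey, basePath } = req.body || {};
  if (typeof apiKey !== "string" || typeof basePath !== "string" || !/^https:\/\//.test(basePath)) {
    res.status(400).json({ error: "apiKey and an https basePath are required" });
    return;
  }
  settings.apiKey = apiKey;
  settings.basePath = basePath;
  res.status(200).json({ ok: true });
}

// Tiny router standing in for the web framework so the example runs offline.
const routes = { [SENSITIVE_PATH]: [requireRole("admin"), updateCustomModels] };

function dispatch(req) {
  const res = { code: 404, body: null,
    status(c) { this.code = c; return this; },
    json(b) { this.body = b; return this; } };
  const chain = routes[req.path] || [];
  let i = 0;
  const next = () => { const fn = chain[i++]; if (fn) fn(req, res, next); };
  next();
  return { status: res.code, body: res.body, settings: { ...settings } };
}
```

The `deniedAttempts` array is the hook for the logging and alerting the analysis recommends; in a real deployment it would feed the application's audit log rather than an in-memory list.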