CVE-2025-4546

Medium CVSS: 5.1

A vulnerability was found in 1Panel-dev MaxKB up to 1.10.7. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Knowledge Base Module. The manipulation leads to csv injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.10.8 is able to address this issue. It is recommended to upgrade the affected component. The vendor was contacted early about this disclosure.

Vendor

Maxkb

Product

Maxkb

CWE

CWE-74

Yayın Tarihi

2025-05-11 20:15:18

Güncelleme

2025-07-08 17:08:09

Source Identifier

cna@vuldb.com

KEV Date Added

Kategoriler

CWE-74 Maxkb MEDIUM Maxkb 2025

Referanslar

https://github.com/yaowenxiao721/Poc/blob/main/MaxKB/MaxKB-poc1.md https://vuldb.com/?ctiid.308293 https://vuldb.com/?id.308293 https://vuldb.com/?submit.566517 https://github.com/yaowenxiao721/Poc/blob/main/MaxKB/MaxKB-poc1.md

Benzer Kayıtlar

High

CVE-2025-66419

MaxKB is an open-source AI assistant for enterprise. In versions 2.3.1 and below, the tool module allows an attacker to…

High

CVE-2025-66446

MaxKB is an open-source AI assistant for enterprise. Versions 2.3.1 and below have improper file permissions which allow…

High

CVE-2025-64511

MaxKB is an open-source AI assistant for enterprise. In versions prior to 2.3.1, a user can access internal network serv…

Medium

CVE-2025-64703

MaxKB is an open-source AI assistant for enterprise. In versions prior to 2.3.1, a user can get sensitive informations b…

Medium

CVE-2025-53927

MaxKB is an open-source AI assistant for enterprise. Prior to version 2.0.0, the sandbox design rules can be bypassed be…

Medium

CVE-2025-53928

MaxKB is an open-source AI assistant for enterprise. Prior to versions 1.10.9-lts and 2.0.0, a Remote Command Execution…