CVE-2025-48950

Medium CVSS: 5.8

MaxKB is an open-source AI assistant for enterprise. Prior to version 1.10.8-lts, Sandbox only restricts the execution permissions of binary files in common directories, such as `/bin,/usr/bin`, etc. Therefore, attackers can exploit some files with execution permissions in non blacklisted directories to carry out attacks. Version 1.10.8-lts fixes the issue.

Vendor

Maxkb

Product

Maxkb

CWE

CWE-276

Yayın Tarihi

2025-06-03 19:15:39

Güncelleme

2025-08-06 19:13:50

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-276 Maxkb MEDIUM Maxkb 2025

Referanslar

https://github.com/1Panel-dev/MaxKB/commit/187e9c1e4ea1ebb6864c5bf61558c42f2fc6c005 https://github.com/1Panel-dev/MaxKB/pull/3127 https://github.com/1Panel-dev/MaxKB/releases/tag/v1.10.8-lts https://github.com/1Panel-dev/MaxKB/security/advisories/GHSA-p2qq-x9j2-px8v

Benzer Kayıtlar

High

CVE-2025-66419

MaxKB is an open-source AI assistant for enterprise. In versions 2.3.1 and below, the tool module allows an attacker to…

High

CVE-2025-66446

MaxKB is an open-source AI assistant for enterprise. Versions 2.3.1 and below have improper file permissions which allow…

High

CVE-2025-64511

MaxKB is an open-source AI assistant for enterprise. In versions prior to 2.3.1, a user can access internal network serv…

Medium

CVE-2025-64703

MaxKB is an open-source AI assistant for enterprise. In versions prior to 2.3.1, a user can get sensitive informations b…

Medium

CVE-2025-53927

MaxKB is an open-source AI assistant for enterprise. Prior to version 2.0.0, the sandbox design rules can be bypassed be…

Medium

CVE-2025-53928

MaxKB is an open-source AI assistant for enterprise. Prior to versions 1.10.9-lts and 2.0.0, a Remote Command Execution…