CVE-2025-53928

Medium CVSS: 4.6

MaxKB is an open-source AI assistant for enterprise. Prior to versions 1.10.9-lts and 2.0.0, a Remote Command Execution vulnerability exists in the MCP call. Versions 1.10.9-lts and 2.0.0 fix the issue.

Vendor

Maxkb

Product

Maxkb

CWE

CWE-94

Yayın Tarihi

2025-07-17 14:15:32

Güncelleme

2025-08-02 01:35:53

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-94 Maxkb MEDIUM Maxkb 2025

Referanslar

https://github.com/1Panel-dev/MaxKB/releases/tag/v2.0.0 https://github.com/1Panel-dev/MaxKB/security/advisories/GHSA-38q2-4mm7-qf5h

Benzer Kayıtlar

High

CVE-2025-66419

MaxKB is an open-source AI assistant for enterprise. In versions 2.3.1 and below, the tool module allows an attacker to…

High

CVE-2025-66446

MaxKB is an open-source AI assistant for enterprise. Versions 2.3.1 and below have improper file permissions which allow…

High

CVE-2025-64511

MaxKB is an open-source AI assistant for enterprise. In versions prior to 2.3.1, a user can access internal network serv…

Medium

CVE-2025-64703

MaxKB is an open-source AI assistant for enterprise. In versions prior to 2.3.1, a user can get sensitive informations b…

Medium

CVE-2025-53927

MaxKB is an open-source AI assistant for enterprise. Prior to version 2.0.0, the sandbox design rules can be bypassed be…

Medium

CVE-2025-48950

MaxKB is an open-source AI assistant for enterprise. Prior to version 1.10.8-lts, Sandbox only restricts the execution p…