CVE-2025-64511

High CVSS: 7.4

MaxKB is an open-source AI assistant for enterprise. In versions prior to 2.3.1, a user can access internal network services such as databases through Python code in the tool module, although the process runs in a sandbox. Version 2.3.1 fixes the issue.

Vendor

Maxkb

Product

Maxkb

CWE

CWE-918

Yayın Tarihi

2025-11-13 16:15:56

Güncelleme

2025-12-04 15:13:37

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-918 Maxkb HIGH Maxkb 2025

Referanslar

https://github.com/1Panel-dev/MaxKB/security/advisories/GHSA-9287-g7px-9rp4

Benzer Kayıtlar

High

CVE-2025-66419

MaxKB is an open-source AI assistant for enterprise. In versions 2.3.1 and below, the tool module allows an attacker to…

High

CVE-2025-66446

MaxKB is an open-source AI assistant for enterprise. Versions 2.3.1 and below have improper file permissions which allow…

Medium

CVE-2025-64703

MaxKB is an open-source AI assistant for enterprise. In versions prior to 2.3.1, a user can get sensitive informations b…

Medium

CVE-2025-53927

MaxKB is an open-source AI assistant for enterprise. Prior to version 2.0.0, the sandbox design rules can be bypassed be…

Medium

CVE-2025-53928

MaxKB is an open-source AI assistant for enterprise. Prior to versions 1.10.9-lts and 2.0.0, a Remote Command Execution…

Medium

CVE-2025-48950

MaxKB is an open-source AI assistant for enterprise. Prior to version 1.10.8-lts, Sandbox only restricts the execution p…