CVE-2025-53927

MaxKB is an open-source AI assistant for enterprise. Prior to version 2.0.0, the sandbox design rules can be bypassed because MaxKB only restricts the execution permissions of files in a specific directory. Therefore, an attacker can use the `shutil.copy2` method in Python to copy the command they want to execute to the executable directory. This bypasses directory restrictions and reverse shell. Version 2.0.0 fixes the issue.

CVSS v3 4.6 MEDIUM

4.6^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.2 / Impact : 3.4

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://github.com/1Panel-dev/MaxKB/releases/tag/v2.0.0	Release Notes
https://github.com/1Panel-dev/MaxKB/security/advisories/GHSA-5xhm-4j3v-87m4	Vendor Advisory Exploit

Configurations

Configuration 1 (hide)

cpe:2.3:a:maxkb:maxkb:*:*:*:*:lts:*:*:*

History

02 Aug 2025, 01:34

Type	Values Removed	Values Added
CPE		cpe:2.3:a:maxkb:maxkb:::::lts:::*
Summary		(es) MaxKB es un asistente de IA de código abierto para empresas. Antes de la versión 2.0.0, las reglas de diseño de la sandbox no se podían eludir, ya que MaxKB solo restringía los permisos de ejecución de los archivos en un directorio específico. Por lo tanto, un atacante podía usar el método `shutil.copy2` en Python para copiar el comando que desea ejecutar al directorio ejecutable. Esto elude las restricciones de directorio y el shell inverso. La versión 2.0.0 soluciona este problema.
First Time		Maxkb maxkb Maxkb
References	~~() https://github.com/1Panel-dev/MaxKB/releases/tag/v2.0.0 -~~	() https://github.com/1Panel-dev/MaxKB/releases/tag/v2.0.0 - Release Notes
References	~~() https://github.com/1Panel-dev/MaxKB/security/advisories/GHSA-5xhm-4j3v-87m4 -~~	() https://github.com/1Panel-dev/MaxKB/security/advisories/GHSA-5xhm-4j3v-87m4 - Vendor Advisory, Exploit

17 Jul 2025, 14:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-17 14:15

Updated : 2025-08-02 01:34

NVD link : CVE-2025-53927

Mitre link : CVE-2025-53927

CVE.ORG link : CVE-2025-53927

JSON object : View

Products Affected

maxkb

maxkb

CWE

CWE-94

Improper Control of Generation of Code ('Code Injection')

{"id": "CVE-2025-53927", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.6, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 1.2}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 3.7, "exploitabilityScore": 2.0}]}, "published": "2025-07-17T14:15:32.403", "references": [{"url": "https://github.com/1Panel-dev/MaxKB/releases/tag/v2.0.0", "tags": ["Release Notes"], "source": "security-advisories@github.com"}, {"url": "https://github.com/1Panel-dev/MaxKB/security/advisories/GHSA-5xhm-4j3v-87m4", "tags": ["Vendor Advisory", "Exploit"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-94"}]}], "descriptions": [{"lang": "en", "value": "MaxKB is an open-source AI assistant for enterprise. Prior to version 2.0.0, the sandbox design rules can be bypassed because MaxKB only restricts the execution permissions of files in a specific directory. Therefore, an attacker can use the `shutil.copy2` method in Python to copy the command they want to execute to the executable directory. This bypasses directory restrictions and reverse shell. Version 2.0.0 fixes the issue."}, {"lang": "es", "value": "MaxKB es un asistente de IA de c\u00f3digo abierto para empresas. Antes de la versi\u00f3n 2.0.0, las reglas de dise\u00f1o de la sandbox no se pod\u00edan eludir, ya que MaxKB solo restring\u00eda los permisos de ejecuci\u00f3n de los archivos en un directorio espec\u00edfico. Por lo tanto, un atacante pod\u00eda usar el m\u00e9todo `shutil.copy2` en Python para copiar el comando que desea ejecutar al directorio ejecutable. Esto elude las restricciones de directorio y el shell inverso. La versi\u00f3n 2.0.0 soluciona este problema."}], "lastModified": "2025-08-02T01:34:28.363", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:maxkb:maxkb:*:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "2F17581A-45A6-42F7-99F1-5F37BCCA13F3", "versionEndExcluding": "2.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}