CVE-2025-53927 Information
Jul 18, 2025
cve
Description
MaxKB is an open-source AI assistant for enterprise. Prior to version 2.0.0 the sandbox design rules can be bypassed because MaxKB only restricts the execution permissions of files in a specific directory. Therefore an attacker can use the shutil.copy2 method in Python to copy the command they want to execute to the executable directory. This bypasses directory restrictions and reverse shell. Version 2.0.0 fixes the issue.
Reference
https://github.com/1Panel-dev/MaxKB/releases/tag/v2.0.0 https://github.com/1Panel-dev/MaxKB/security/advisories/GHSA-5xhm-4j3v-87m4
Related CNNVD
CNNVD-202507-2301 (Published: 2025-07-17)
Share on: