Medium severity6.3OSV Advisory· Published Sep 15, 2025· Updated Apr 29, 2026

CVE-2025-10433

Description

A vulnerability was determined in 1Panel-dev MaxKB up to 2.0.2/2.1.0. This issue affects some unknown processing of the file /admin/api/workspace/default/tool/debug. Executing manipulation of the argument code can lead to deserialization. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. Upgrading to version 2.1.1 is capable of addressing this issue. It is suggested to upgrade the affected component.

Affected products

1panel Dev/MaxkbOSV
Range: v0.9.0, v0.9.1, v1.0.0, …

Patches

fd119604d15b

https://github.com/1Panel-dev/MaxKBvia osv

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/1Panel-dev/MaxKB/releases/tag/v2.1.1nvd
vuldb.comnvd
vuldb.comnvd
vuldb.comnvd
zealous-brand-b4a.notion.site/MaxKB-2-1-0-tool-debug-RCE-2647244a828c80e7850dc6503061b88bnvd

News mentions

No linked articles in our index yet.

cvss	0.410
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000