VYPR
Unrated severityNVD Advisory· Published Jun 3, 2025· Updated Jun 3, 2025

MaxKB Python Sandbox Bypass in Function Library

CVE-2025-48950

Description

MaxKB is an open-source AI assistant for enterprise. Prior to version 1.10.8-lts, Sandbox only restricts the execution permissions of binary files in common directories, such as /bin,/usr/bin, etc. Therefore, attackers can exploit some files with execution permissions in non blacklisted directories to carry out attacks. Version 1.10.8-lts fixes the issue.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • 1panel Dev/Maxkbllm-fuzzy2 versions
    <1.10.8-lts+ 1 more
    • (no CPE)range: <1.10.8-lts
    • (no CPE)range: < 1.10.8-lts

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.