Unrated severityNVD Advisory· Published Nov 13, 2025· Updated Nov 13, 2025
MaxKB has SSRF in sandbox
CVE-2025-64511
Description
MaxKB is an open-source AI assistant for enterprise. In versions prior to 2.3.1, a user can access internal network services such as databases through Python code in the tool module, although the process runs in a sandbox. Version 2.3.1 fixes the issue.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2<2.3.1+ 1 more
- (no CPE)range: <2.3.1
- (no CPE)range: < 2.3.1
Patches
Vulnerability mechanics
References
1- github.com/1Panel-dev/MaxKB/security/advisories/GHSA-9287-g7px-9rp4mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.