CVE-2025-53927 — MEDIUM (4.6)

Q: How severe is CVE-2025-53927?

CVE-2025-53927 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2025-53927?

Check the references section above for vendor advisories and patch information. Affected products include: Maxkb Maxkb.

Vulnerability Description

MaxKB is an open-source AI assistant for enterprise. Prior to version 2.0.0, the sandbox design rules can be bypassed because MaxKB only restricts the execution permissions of files in a specific directory. Therefore, an attacker can use the `shutil.copy2` method in Python to copy the command they want to execute to the executable directory. This bypasses directory restrictions and reverse shell. Version 2.0.0 fixes the issue.

CVSS Score

4.6

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

LOW

Affected Products

Vendor	Product	Versions
Maxkb	Maxkb	< 2.0.0

Related Weaknesses (CWE)

CWE-94

References

https://github.com/1Panel-dev/MaxKB/releases/tag/v2.0.0Release Notes
https://github.com/1Panel-dev/MaxKB/security/advisories/GHSA-5xhm-4j3v-87m4ExploitVendor Advisory

FAQ

What is CVE-2025-53927?

CVE-2025-53927 is a vulnerability with a CVSS score of 4.6 (MEDIUM). MaxKB is an open-source AI assistant for enterprise. Prior to version 2.0.0, the sandbox design rules can be bypassed because MaxKB only restricts the execution permissions of files in a specific dire...

How severe is CVE-2025-53927?

CVE-2025-53927 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-53927?

Check the references section above for vendor advisories and patch information. Affected products include: Maxkb Maxkb.