Execution Permission Flaw in MaxKB Open-Source AI Assistant
CVE-2025-48950

5.8MEDIUM

Key Information:

Vendor

1panel-dev

Status
Maxkb
Vendor
CVE Published:
3 June 2025

What is CVE-2025-48950?

The MaxKB open-source AI assistant for enterprise has a significant execution permission flaw. Prior to version 1.10.8-lts, the Sandbox only implements restrictions on the execution of binary files located in common directories such as /bin and /usr/bin. This fails to account for executable files in other non-blacklisted directories, leaving the system exposed to potential attacks. Attackers may exploit this oversight to execute malicious code, compromising the integrity and security of the application. Upgrading to version 1.10.8-lts addresses this vulnerability and enhances overall security.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

MaxKB < 1.10.8-lts

References

https://github.com/1Panel-dev/MaxKB/security/advisories/G...
x_refsource_CONFIRM
https://github.com/1Panel-dev/MaxKB/pull/3127
x_refsource_MISC
https://github.com/1Panel-dev/MaxKB/commit/187e9c1e4ea1eb...
x_refsource_MISC

CVSS V4

Score:
5.8
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.