CVE-2025-48950

MaxKB Python Sandbox Bypass in Function Library

Description

MaxKB is an open-source AI assistant for enterprise. Prior to version 1.10.8-lts, Sandbox only restricts the execution permissions of binary files in common directories, such as `/bin,/usr/bin`, etc. Therefore, attackers can exploit some files with execution permissions in non blacklisted directories to carry out attacks. Version 1.10.8-lts fixes the issue.

INFO

Published Date :

2025-06-03T18:16:09.060Z

Last Modified :

2025-06-03T18:36:25.824Z

Source :

GitHub_M

AFFECTED PRODUCTS

The following products are affected by CVE-2025-48950 vulnerability.

Vendors	Products
Maxkb	Maxkb

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-48950.

URL	Resource
https://github.com/1Panel-dev/MaxKB/commit/187e9c1e4ea1ebb6864c5bf61558c42f2fc6c005
https://github.com/1Panel-dev/MaxKB/pull/3127
https://github.com/1Panel-dev/MaxKB/releases/tag/v1.10.8-lts
https://github.com/1Panel-dev/MaxKB/security/advisories/GHSA-p2qq-x9j2-px8v

CVSS Vulnerability Scoring System

V4
V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact