CVE-2025-64703

EUVD-2025-175301
MaxKB is an open-source AI assistant for enterprise. In versions prior to 2.3.1, a user can get sensitive informations by Python code in tool module, although the process run in sandbox. Version 2.3.1 fixes the issue.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
maxkbmaxkb
𝑥
< 2.3.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/1Panel-dev/MaxKB/security/advisories/GHSA-qwvm-x4xh-g2qq