CVE-2025-48950
Severity CVSS v4.0:
MEDIUM
Type:
Unavailable / Other
Publication date:
03/06/2025
Last modified:
04/06/2025
Description
MaxKB is an open-source AI assistant for enterprise. Prior to version 1.10.8-lts, Sandbox only restricts the execution permissions of binary files in common directories, such as `/bin,/usr/bin`, etc. Therefore, attackers can exploit some files with execution permissions in non blacklisted directories to carry out attacks. Version 1.10.8-lts fixes the issue.
Impact
Base Score 4.0
5.80
Severity 4.0
MEDIUM