CVE-2025-32383

4.3 MEDIUM

📋 TL;DR

A reverse shell vulnerability in MaxKB's function library module allows privileged users to execute arbitrary code and establish remote shell access. This affects MaxKB deployments where users have administrative or elevated privileges. The vulnerability is mitigated in version 1.10.4-lts.

💻 Affected Systems

Products:
  • MaxKB (Max Knowledge Base)
Versions: All versions before 1.10.4-lts
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: Requires privileged user access to exploit; default installations with admin accounts are vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Privileged attacker gains persistent remote access, exfiltrates sensitive data, installs malware, and pivots to other systems.

🟠 Likely Case

Malicious insider or compromised admin account creates reverse shell for data theft or lateral movement within the network.

🟢 If Mitigated

With proper access controls and monitoring, impact is limited to isolated system compromise without lateral movement.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated privileged access; reverse shell techniques are well-documented.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.10.4-lts

Vendor Advisory: https://github.com/1Panel-dev/MaxKB/security/advisories/GHSA-fjf6-6cvf-xr72

Restart Required: Yes

Instructions:

1. Back up MaxKB configuration and data.
2. Update to version 1.10.4-lts using your deployment method (Docker, package manager, etc.).
3. Restart the MaxKB service.
4. Verify the update was successful.

🔧 Temporary Workarounds

Restrict Privileged Access

all

Limit administrative accounts to only trusted personnel and implement multi-factor authentication.

Network Segmentation

all

Isolate MaxKB instances from sensitive networks and implement egress filtering to block reverse shell connections.

🧯 If You Can't Patch

  • Implement strict access controls and audit all privileged user activities.
  • Deploy network monitoring to detect reverse shell connections and outbound command traffic.

🔍 How to Verify

Check if Vulnerable:

Check MaxKB version via web interface admin panel or by examining deployment configuration files.

Check Version:

docker exec maxkb_container cat /app/version.txt

If that file is not present in your deployment (replace maxkb_container with your actual container name), read the version from the web interface admin panel instead.

Verify Fix Applied:

Confirm version is 1.10.4-lts or later in admin panel and test that reverse shell functionality is blocked.

📡 Detection & Monitoring

Log Indicators:

  • Unusual process creation events
  • Suspicious command execution in MaxKB logs
  • Admin user performing unexpected function library operations

Network Indicators:

  • Outbound connections to unusual ports from MaxKB server
  • Reverse shell patterns in network traffic

SIEM Query:

source="maxkb" AND (event="function_library_execution" OR cmd="*reverse_shell*")
