CVE-2025-60455
📋 TL;DR
CVE-2025-60455 is an unsafe deserialization vulnerability in Modular Max Serve that allows remote code execution when the experimental KVCache agent feature is enabled. Attackers can exploit this to execute arbitrary commands on affected systems. Organizations using Modular Max Serve versions before 25.6 with the '--experimental-enable-kvcache-agent' flag are at risk.
💻 Affected Systems
- Modular Max Serve
📦 What is this software?
Max by Modular
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise leading to data exfiltration, lateral movement, ransomware deployment, or complete system takeover.
Likely Case
Remote code execution allowing attackers to install malware, create backdoors, or pivot to other systems in the network.
If Mitigated
Limited impact if proper network segmentation and least privilege principles are implemented, potentially containing the breach to isolated segments.
🎯 Exploit Status
The vulnerability is in the deserialization logic, which makes exploitation straightforward once the feature is enabled. No authentication is required for exploitation.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 25.6 and later
Vendor Advisory: https://github.com/modular/modular/issues/4795
Restart Required: Yes
Instructions:
1. Upgrade Modular Max Serve to version 25.6 or later.
2. Restart the service.
3. Verify the experimental KVCache agent feature is no longer vulnerable.
🔧 Temporary Workarounds
Disable Experimental KVCache Agent
Remove or disable the '--experimental-enable-kvcache-agent' flag from service configurations.
Check service configuration files and remove any instances of '--experimental-enable-kvcache-agent'
Restart the Modular Max Serve service
🧯 If You Can't Patch
- Disable the experimental KVCache agent feature immediately by removing the '--experimental-enable-kvcache-agent' flag from all configurations.
- Implement strict network segmentation to isolate Modular Max Serve instances from critical systems and internet exposure.
🔍 How to Verify
Check if Vulnerable:
Check if Modular Max Serve version is below 25.6 AND the '--experimental-enable-kvcache-agent' flag is present in service configuration or command line arguments.
Check Version:
modular max serve --version
Verify Fix Applied:
Verify version is 25.6 or higher and confirm the experimental KVCache agent feature has been patched by checking the specific commit fixes in the GitHub repository.
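The "Check if Vulnerable" condition above (version below 25.6 AND the flag present) can be scripted as follows. This is an added example, not code from Modular or from the advisory. The version string format, the status names, and the sample unit files with their `/opt/example/...` path are assumptions constructed for illustration.

```python
import re
import shlex

FLAG = "--experimental-enable-kvcache-agent"
FIXED = (25, 6)  # first fixed release named in this advisory

def parse_version(text):
    """Extract (major, minor) as integers so 25.10 sorts after 25.6."""
    m = re.search(r"(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no version number in {text!r}")
    return int(m.group(1)), int(m.group(2))

def flag_enabled(line):
    """True if the flag is a whole argument on a non-commented line."""
    try:
        args = shlex.split(line, comments=True)
    except ValueError:  # unbalanced quotes: drop comment, split on whitespace
        args = line.split("#", 1)[0].split()
    # Assumption: any presence (bare or --flag=value) counts as enabled.
    return any(a == FLAG or a.startswith(FLAG + "=") for a in args)

def assess(version_text, config_text):
    """Return (status, matching_lines) for one deployment."""
    old = parse_version(version_text) < FIXED
    joined = config_text.replace("\\\n", " ")  # fold line continuations
    hits = [ln.strip() for ln in joined.splitlines() if flag_enabled(ln)]
    if old and hits:
        return "VULNERABLE", hits
    if hits:
        return "FLAG_SET_ON_FIXED_VERSION", hits
    return ("UPGRADE_RECOMMENDED" if old else "OK"), hits

# Constructed sample input (hypothetical path; not taken from a real host).
UNIT_ACTIVE = """[Service]
ExecStart=/opt/example/start-max-serve.sh --port 8000 \\
    --experimental-enable-kvcache-agent
"""
UNIT_COMMENTED = """[Service]
# ExecStart=/opt/example/start-max-serve.sh --experimental-enable-kvcache-agent
ExecStart=/opt/example/start-max-serve.sh --port 8000
"""

if __name__ == "__main__":
    for ver, unit in [("25.5.0", UNIT_ACTIVE), ("25.10.1", UNIT_ACTIVE),
                      ("25.5.0", UNIT_COMMENTED)]:
        print(ver, assess(ver, unit))
```

Feed it the output of the version check and the text of each service definition or launch script; a commented-out flag is ignored, and the flag on a fixed version is reported separately so it can still be reviewed.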
📡 Detection & Monitoring
Log Indicators:
- Unusual process execution from Modular Max Serve
- Errors or warnings related to KVCache agent deserialization
- Unexpected network connections from the service
Network Indicators:
- Suspicious inbound requests to Modular Max Serve ports when KVCache agent is enabled
- Outbound connections to unexpected destinations from the service
SIEM Query:
source="modular_max_serve" AND (event="deserialization_error" OR cmd="*--experimental-enable-kvcache-agent*")
🔗 References
- https://github.com/modular/modular/blame/main/max/serve/kvcache_agent/kvcache_agent.py#L220
- https://github.com/modular/modular/commit/10620059fb5c47fb0c30e5d21a8ff3b8d622fba4
- https://github.com/modular/modular/commit/b20e749fa892dbe772e890a268002f732164d9f5
- https://github.com/modular/modular/commit/ee9c4ab02345dd30bed8b79771b6909ff1b930a1
- https://github.com/modular/modular/issues/4795
- https://www.oligo.security/blog/shadowmq-how-code-reuse-spread-critical-vulnerabilities-across-the-ai-ecosystem