CVE-2025-64511
📋 TL;DR
This vulnerability in MaxKB allows authenticated users to bypass sandbox restrictions and execute Python code that can access internal network services like databases. It affects all MaxKB deployments running versions before 2.3.1 where users have access to the tool module functionality.
💻 Affected Systems
- MaxKB
📦 What is this software?
Maxkb by Maxkb
⚠️ Risk & Real-World Impact
Worst Case
Attackers could access sensitive internal databases, exfiltrate data, pivot to other internal systems, or execute arbitrary network requests to internal services.
Likely Case
Privileged users could unintentionally or maliciously access internal databases they shouldn't have access to, potentially exposing sensitive data.
If Mitigated
With proper network segmentation and access controls, the impact would be limited to accessing only authorized internal services.
🎯 Exploit Status
Exploitation requires authenticated access to the tool module; the vulnerability is in the sandbox implementation allowing network access.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.3.1
Vendor Advisory: https://github.com/1Panel-dev/MaxKB/security/advisories/GHSA-9287-g7px-9rp4
Restart Required: Yes
Instructions:
1. Backup your MaxKB configuration and data. 2. Update MaxKB to version 2.3.1 or later using your deployment method (Docker, package manager, etc.). 3. Restart the MaxKB service. 4. Verify the update was successful.
🔧 Temporary Workarounds
Disable Tool Module Access
allRestrict or disable user access to the tool module functionality that allows Python code execution.
Network Segmentation
allImplement strict network segmentation to isolate MaxKB from sensitive internal services.
🧯 If You Can't Patch
- Implement strict access controls to limit which users can access the tool module functionality.
- Deploy network-level restrictions to prevent MaxKB from accessing internal databases and other sensitive services.
🔍 How to Verify
Check if Vulnerable:
Check your MaxKB version; if it's below 2.3.1, you are vulnerable.Check Version:
Check the MaxKB web interface settings or run: docker inspect maxkb_container | grep -i versionVerify Fix Applied:
Confirm MaxKB version is 2.3.1 or later and test that Python code in the tool module cannot access internal network services.📡 Detection & Monitoring
Log Indicators:
- Unusual Python code execution in tool module logs
- Network connections from MaxKB to internal databases
Network Indicators:
- Unexpected outbound connections from MaxKB to internal services on database ports (3306, 5432, 27017, etc.)
SIEM Query:
source="maxkb" AND (event="tool_execution" OR event="python_execution") AND dest_port IN (3306, 5432, 27017, 1433)