CVE-2025-64703
📋 TL;DR
MaxKB versions before 2.3.1 contain a sandbox escape vulnerability in the Python tool module that allows authenticated users to access sensitive information. This affects organizations using MaxKB for AI assistance with user accounts that can execute Python code through the tool module.
💻 Affected Systems
- MaxKB
📦 What is this software?
Maxkb by Maxkb
⚠️ Risk & Real-World Impact
Worst Case
An authenticated attacker could exfiltrate sensitive system information, configuration data, or potentially access other restricted resources through the sandbox escape.
Likely Case
Authenticated users with tool execution privileges could access sensitive application data, configuration files, or system information they shouldn't have access to.
If Mitigated
With proper access controls and monitoring, impact would be limited to unauthorized data access within the application's scope.
🎯 Exploit Status
Exploitation requires authenticated access and knowledge of Python sandbox escape techniques.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.3.1
Vendor Advisory: https://github.com/1Panel-dev/MaxKB/security/advisories/GHSA-qwvm-x4xh-g2qq
Restart Required: Yes
Instructions:
1. Back up your MaxKB configuration and data.
2. Stop the MaxKB service.
3. Update to version 2.3.1 using your package manager or manual installation.
4. Restart the MaxKB service.
5. Verify the update was successful.
🔧 Temporary Workarounds
Disable Python tool execution
Temporarily disable Python code execution in the tool module until patching can be completed.
# Modify MaxKB configuration to disable Python tool execution
# Check configuration files for tool execution settings
Restrict user permissions
Limit which users have access to execute tools in MaxKB.
# Review and modify user role permissions in MaxKB admin interface
🧯 If You Can't Patch
- Implement strict access controls to limit which users can execute tools in MaxKB
- Monitor tool execution logs for suspicious Python code patterns
🔍 How to Verify
Check if Vulnerable:
Check the MaxKB version via the admin interface or configuration files. If the version is below 2.3.1, the system is vulnerable.
Check Version:
# Check the MaxKB version in the admin interface, or search the configuration files:
grep -i version /path/to/maxkb/config/*
Verify Fix Applied:
Confirm MaxKB version is 2.3.1 or higher and test that Python tool execution is properly sandboxed.
📡 Detection & Monitoring
Log Indicators:
- Unusual Python tool executions
- Multiple tool execution attempts by single user
- Tool executions accessing system files or sensitive paths
Network Indicators:
- Unexpected outbound connections from MaxKB server following tool execution
SIEM Query:
source="maxkb" AND (event="tool_execution" OR event="python_execution") | stats count by user, tool_name
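The aggregation in the SIEM query above can also be run offline over exported logs. The following is an added example, not code from this page or from the MaxKB project: it assumes JSON-lines records carrying the `event`, `user` and `tool_name` fields the query references (MaxKB's actual log schema is not given here), and the sample lines and the threshold of 3 are constructed for illustration.

```python
import json
from collections import Counter

# Constructed sample log lines (not real MaxKB output). Field names follow the
# SIEM query above; the JSON-lines layout is an assumption.
SAMPLE_LOG = """\
{"event": "tool_execution", "user": "alice", "tool_name": "csv_summary"}
{"event": "python_execution", "user": "bob", "tool_name": "scratch"}
{"event": "python_execution", "user": "bob", "tool_name": "scratch"}
{"event": "login", "user": "carol"}
not-json debris line
{"event": "python_execution", "user": "bob", "tool_name": "scratch"}
{"event": "tool_execution", "user": "bob", "tool_name": "csv_summary"}
{"event": "python_execution", "user": "bob"}
"""

WATCHED_EVENTS = {"tool_execution", "python_execution"}


def count_executions(lines):
    """Equivalent of `stats count by user, tool_name` for watched events."""
    counts = Counter()
    skipped = 0  # unparsable lines are counted, not silently dropped
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            skipped += 1
            continue
        if not isinstance(record, dict) or record.get("event") not in WATCHED_EVENTS:
            continue
        # Records missing a field are still counted under a visible marker.
        key = (record.get("user", "<unknown>"), record.get("tool_name", "<unknown>"))
        counts[key] += 1
    return counts, skipped


def noisy_users(counts, threshold):
    """Users whose total executions across all tools reach the threshold."""
    per_user = Counter()
    for (user, _tool), n in counts.items():
        per_user[user] += n
    return {u: n for u, n in per_user.items() if n >= threshold}


if __name__ == "__main__":
    counts, skipped = count_executions(SAMPLE_LOG.splitlines())
    for (user, tool), n in sorted(counts.items()):
        print(f"{user}\t{tool}\t{n}")
    print("skipped unparsable lines:", skipped)
    print("users at or above threshold 3:", noisy_users(counts, 3))
```

Tune the threshold against a baseline of normal tool usage before alerting on it.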