CVE-2025-64511
MaxKB has SSRF in sandbox
MaxKB is an open-source AI assistant for enterprise. In versions prior to 2.3.1, a user can access internal network services such as databases through Python code in the tool module, although the process runs in a sandbox. Version 2.3.1 fixes the issue.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
Productos afectados
1Panel-dev · MaxKB¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →