CVE-2025-32383 MEDIUM

CVE-2025-32383: MaxKB has a reverse shell vulnerability in function library

Vendor 1Panel-Dev
Product MaxKB
Weakness CWE-94 · Code injection
Published April 10, 2025
Last update April 10, 2025

CVSS base score

4.3/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

MaxKB (Max Knowledge Base) is an open source knowledge base question-answering system based on a large language model and retrieval-augmented generation (RAG). A reverse shell vulnerability exists in the module of function library. The vulnerability allow privileged‌ users to create a reverse shell. This vulnerability is fixed in v1.10.4-lts.

Key dates

02Disclosure timeline

April 10, 2025 CVE published
April 10, 2025 Record updated