CVE-2025-64703 MEDIUM

CVE-2025-64703: MaxKB has Information Leak in sandbox

Vendor 1Panel-Dev
Product MaxKB
Weakness CWE-200 · Info exposure
Published November 13, 2025
Last update November 13, 2025

CVSS base score

6.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

01 Description

MaxKB is an open-source AI assistant for enterprise. In versions prior to 2.3.1, a user can obtain sensitive information through Python code in the tool module, even though the process runs in a sandbox. Version 2.3.1 fixes the issue.

Key dates

02 Disclosure timeline

November 13, 2025 CVE published
November 13, 2025 Record updated