Overview
A medium severity vulnerability, identified as CVE-2025-64703, has been discovered in MaxKB, an open-source AI assistant for enterprise. This vulnerability affects versions prior to 2.3.1 and allows a malicious user to potentially extract sensitive information through the execution of Python code within the tool module. While the code is intended to run within a sandbox, a flaw allows for a sandbox escape, leading to unauthorized data access. Users of MaxKB are strongly advised to upgrade to version 2.3.1 as soon as possible to remediate this security risk.
Technical Details
The vulnerability stems from insufficient restrictions in the sandbox environment that the MaxKB tool module uses to execute Python code. An attacker can craft Python code that, when executed, bypasses the sandbox restrictions and reaches system resources, environment variables, configuration files, or any other data that the MaxKB process itself can read.
CVSS Analysis
- CVE ID: CVE-2025-64703
- Severity: MEDIUM
- CVSS Score: 6.3
A CVSS score of 6.3 indicates a medium severity vulnerability. This means that while the vulnerability is exploitable, the impact may be limited, or the attack requires certain conditions to be met. However, the potential for sensitive data exposure necessitates immediate action.
Possible Impact
Successful exploitation of this vulnerability could lead to several negative consequences, including:
- Data Breach: Sensitive information stored within MaxKB or accessible by the MaxKB process could be exposed.
- Privilege Escalation: Direct full system compromise is unlikely, but information gathered through the escape (credentials, configuration, host details) could facilitate further attacks.
- Reputational Damage: A data breach could damage the reputation of the organization using MaxKB.
- Compliance Violations: Exposure of sensitive data may lead to violations of data protection regulations.
Mitigation or Patch Steps
The recommended mitigation is to upgrade MaxKB to version 2.3.1. This version contains a patch that addresses the sandbox escape vulnerability and prevents malicious Python code from accessing sensitive information. To upgrade, follow the official MaxKB upgrade instructions, which can be found on the project’s GitHub repository.
If an immediate upgrade is not possible, consider these temporary mitigations, though they are less effective than upgrading:
- Disable or restrict access to the tool module in MaxKB.
- Carefully review and sanitize any Python code submitted to the tool module.
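As an added illustration of the second interim step, and not code from the MaxKB project or the advisory, the following pre-submission review gate parses tool code with Python's ast module and flags constructs that reach outside the tool logic. The deny-lists are assumptions chosen for this example; they produce review prompts for a human, not an automatic verdict, and do not replace the 2.3.1 upgrade.

```python
import ast

# Constructed deny-lists for a pre-submission review of MaxKB tool code.
# These are assumptions (a reviewer's starting point), not a list taken from
# the advisory or from MaxKB itself: modules, builtins and attributes that
# let code reach the host process rather than stay within the tool logic.
DENIED_MODULES = {"os", "sys", "subprocess", "ctypes", "importlib",
                  "socket", "pickle", "shutil", "builtins"}
DENIED_CALLS = {"eval", "exec", "compile", "__import__", "open",
                "getattr", "vars", "globals"}
DENIED_ATTRS = {"__subclasses__", "__globals__", "__builtins__",
                "__class__", "__bases__", "__mro__", "__dict__"}


def review_tool_code(source: str) -> list[str]:
    """Return review findings for a tool's Python source.

    An empty list means no denied construct was found; a non-empty list is a
    prompt for manual review, since the listed names also have benign uses.
    """
    try:
        tree = ast.parse(source)
    except SyntaxError as exc:
        return [f"syntax error: {exc.msg} (line {exc.lineno})"]
    findings = []
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for alias in node.names:
                if alias.name.split(".")[0] in DENIED_MODULES:
                    findings.append(f"line {node.lineno}: import of '{alias.name}'")
        elif isinstance(node, ast.ImportFrom):
            if (node.module or "").split(".")[0] in DENIED_MODULES:
                findings.append(f"line {node.lineno}: import from '{node.module}'")
        elif isinstance(node, ast.Call):
            if isinstance(node.func, ast.Name) and node.func.id in DENIED_CALLS:
                findings.append(f"line {node.lineno}: call to '{node.func.id}'")
        elif isinstance(node, ast.Attribute) and node.attr in DENIED_ATTRS:
            findings.append(f"line {node.lineno}: access to '{node.attr}'")
    return findings


if __name__ == "__main__":
    # Constructed samples: a benign tool, and one that reads the process environment.
    for sample in ("def run(text):\n    return text.upper()\n",
                   "import os\ndef run(text):\n    return os.environ.get('SECRET')\n"):
        print(review_tool_code(sample) or "no findings")
```

Run the gate on every tool submission before it is saved; anything it reports should be read by a person who understands what the tool is supposed to do.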
