Severity by source
Primary rating from GitHub Advisory; only source for this CVE.
CVSS Vector (GitHub Advisory): CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Description (GitHub Advisory)
MaxKB is an open-source AI assistant for enterprise. Prior to version 1.10.8-lts, the Sandbox only restricts the execution permissions of binary files in common directories such as /bin, /usr/bin, etc. Therefore, attackers can exploit files with execution permissions in non-blacklisted directories to carry out attacks. Version 1.10.8-lts fixes the issue.
Analysis (AI)
MaxKB prior to version 1.10.8-lts contains an incomplete sandbox implementation that only blacklists binary execution in common system directories (/bin, /usr/bin, etc.), allowing local attackers with low privileges to execute arbitrary code via executable files in non-blacklisted directories and achieve full system compromise. The vulnerability affects enterprise AI assistant deployments and has a high CVSS score of 8.8 reflecting significant impact potential; exploitation requires local access but no user interaction.
Technical Context (AI)
MaxKB is an open-source AI assistant framework designed for enterprise use. The vulnerability stems from CWE-276 (Incorrect Default Permissions), specifically an inadequate sandbox/containment mechanism that relies on a directory-based blacklist rather than comprehensive execution control. The sandbox blocks execution of binaries in known system locations (/bin, /usr/bin, etc.), but attackers can bypass this by placing or leveraging existing executable files in directories outside the blacklist (e.g., /opt, /home, /tmp, or application-specific directories). This is a classic case of an incomplete security control whose threat model assumed that attacks would only originate from well-known system binary locations. The root cause is insufficient privilege separation and execution boundary enforcement within the MaxKB process sandbox, likely affecting the plugin/extension execution framework or script execution engine commonly used in AI assistant products.
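As an added illustration (not MaxKB's code; the project's actual sandbox logic is not shown on this page), the Python below contrasts a directory deny-list check of the kind the advisory describes with an allow-list of explicit executables, plus an audit helper that reports which candidate paths only the deny-list would let through. The deny-list contents, the allow-listed path and the sample paths are all constructed placeholders.

```python
"""Added example, not MaxKB's code: a directory deny-list check of the kind the
advisory describes, beside an allow-list check that closes the gap."""
import os

# Assumed deny-list, modelled on the advisory's "/bin, /usr/bin, etc."
DENIED_DIRS = ("/bin", "/usr/bin", "/sbin", "/usr/sbin")
# Assumed allow-list: the only executable the sandbox is meant to launch
# (placeholder path, not a real MaxKB location).
ALLOWED_EXECUTABLES = frozenset({"/opt/maxkb-sandbox/runner"})


def _canonical(path: str) -> str:
    # Resolve symlinks and ".." so both policies compare real locations.
    return os.path.realpath(path)


def denylist_permits(path: str) -> bool:
    """Weak pattern (CWE-276 style): anything outside the listed directories runs."""
    p = _canonical(path)
    return not any(p == d or p.startswith(d + os.sep) for d in DENIED_DIRS)


def allowlist_permits(path: str) -> bool:
    """Hardened pattern: only explicitly listed executables run."""
    return _canonical(path) in ALLOWED_EXECUTABLES


def policy_gap(candidates):
    """Audit helper: candidates the deny-list would run but the allow-list refuses.
    A non-empty result is the 'non-blacklisted directory' gap from the advisory."""
    return [c for c in candidates if denylist_permits(c) and not allowlist_permits(c)]


if __name__ == "__main__":
    # Constructed sample paths; none need to exist on disk.
    sample = ["/usr/bin/sample-tool", "/opt/maxkb-sandbox/runner",
              "/srv/uploads/tool", "/home/app/helper"]
    for c in sample:
        print(f"{c:28} deny-list={denylist_permits(c)!s:5} allow-list={allowlist_permits(c)}")
    print("gap:", policy_gap(sample))
```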
Remediation (AI)
Immediate action: Upgrade MaxKB to version 1.10.8-lts or later, which implements proper sandbox restrictions beyond directory-based blacklists.
Mitigation steps for organizations unable to immediately patch:
(1) Restrict local access to the MaxKB application to trusted users only; implement strong access controls and disable shell execution features if available.
(2) Run MaxKB in a restricted container or VM with minimal privileges and limited file system access outside necessary directories.
(3) Implement system-level execution restrictions using AppArmor, SELinux, or similar mandatory access control frameworks to prevent binary execution across the filesystem.
(4) Monitor process execution logs for unusual activity originating from non-standard directories.
(5) Audit and remove unnecessary executable files from application directories.
(6) Apply the principle of least privilege: run MaxKB processes with the minimal required permissions.
Patch availability: Version 1.10.8-lts addresses this issue. Obtain patches from the official MaxKB repository releases page.
EUVD-2025-16777