CVE-2025-64703 in MaxKB

Summary

by MITRE • 11/13/2025

MaxKB is an open-source AI assistant for enterprise. In versions prior to 2.3.1, a user can get sensitive information via Python code in the tool module, although the process runs in a sandbox. Version 2.3.1 fixes the issue.


Analysis

by VulDB Data Team • 12/05/2025

CVE-2025-64703 is a critical information disclosure vulnerability in MaxKB, an open-source AI assistant platform built for enterprise environments. It affects versions prior to 2.3.1 and stems from insufficient sandboxing of the Python code that authenticated users can run in the tool module. Although that code should be confined to a sandboxed environment, the flaw lets an attacker use it to extract sensitive information, a fundamental failure of the isolation that is supposed to keep user code away from system resources and data.

The weakness lies in the sandboxing of MaxKB's tool module execution environment. The platform runs user code in what it presents as a sandbox, but the security boundary is not properly enforced, so that code can reach system resources, configuration files, and potentially other sensitive data: a classic case of inadequate privilege separation and boundary enforcement. The issue is classified under CWE-250, execution with unnecessary privileges, and more specifically under CWE-284, improper access control. It indicates a breakdown of the principle of least privilege, which should stop executed code from reaching resources outside its intended scope.

The operational impact goes beyond simple information disclosure and can enable further exploitation inside enterprise environments. An authenticated attacker could use the flaw to read configuration details, system credentials, or other sensitive data stored in locations the sandbox was meant to wall off. Because the sandbox is effectively bypassed, the flaw becomes a vector for data exfiltration and potential lateral movement within the enterprise network. It maps to ATT&CK technique T1078, which covers valid accounts, and T1566, which covers credential harvesting, since a compromised instance could yield additional credentials or sensitive information usable in follow-on attacks.

Organizations running affected versions of MaxKB should upgrade immediately to version 2.3.1 or later, which contains the fixes for the sandboxing implementation. They should also monitor for unauthorized code execution attempts, apply network segmentation to limit the impact of any successful exploitation, and add logging and monitoring around tool module execution so that exploitation attempts can be detected. The vulnerability underlines the need to test sandboxing mechanisms thoroughly and to enforce access controls properly. The fix in version 2.3.1 most likely reworks the sandboxing implementation to isolate code execution properly and to deny access to sensitive system resources that must remain protected from user-controlled code.

Responsible

GitHub M

Reservation

11/10/2025

Disclosure

11/13/2025

Moderation

accepted

CPE

ready

EPSS

0.00042

KEV

no

Activities

very low
