PT-2025-29911 · Maxkb · Maxkb

Happyhacking-K (+1)

Published: 2025-07-17 · Updated: 2025-08-02

CVE-2025-53927

CVSS v3.1: 6.3 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
Vulnerable software and affected versions: MaxKB, versions prior to 2.0.0

Description: MaxKB is an open-source AI assistant for enterprise. Before version 2.0.0, its sandbox rules could be bypassed because the software only restricted the execution permission of files based on the directory they were in, not on what the files were. Code running inside the sandbox could therefore use Python's shutil.copy2 to copy a command binary into the directory where execution is allowed and run it from there, defeating the directory restriction and giving the attacker a reverse shell on the host.

Recommendations: Update to version 2.0.0 or later.
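The flaw described above is a location-based execution check, which is trivially defeated when the checked location is writable by the sandboxed code. The following is an added example, not MaxKB's code, that reproduces the pattern in a toy policy and contrasts it with a check that pins file identity (content digest) rather than location. All paths, file names and function names are hypothetical, and the "command" being copied is a constructed placeholder script rather than a real payload.

```python
"""Added example, not MaxKB's own code: a toy reproduction of the design
flaw described above (execution gated only by directory) and a contrasting
check that pins file identity instead of location. Every path and function
name here is hypothetical."""
import hashlib
import shutil
import tempfile
from pathlib import Path


def path_only_policy(exec_dir: Path, candidate: Path) -> bool:
    """The weak rule: a file may run if it lives under exec_dir.
    Nothing ties the decision to *what* the file is."""
    try:
        candidate.resolve().relative_to(exec_dir.resolve())
    except ValueError:
        return False
    return True


def build_manifest(exec_dir: Path) -> dict[str, str]:
    """Pin the SHA-256 of every approved file once, from trusted code,
    before any untrusted code is allowed to run."""
    return {p.name: hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(exec_dir.iterdir()) if p.is_file()}


def manifest_policy(exec_dir: Path, manifest: dict[str, str], candidate: Path) -> bool:
    """Stronger rule: the file must be under exec_dir AND its contents must
    match the pinned digest, so a file copied in later is rejected."""
    if not path_only_policy(exec_dir, candidate):
        return False
    digest = hashlib.sha256(candidate.read_bytes()).hexdigest()
    return manifest.get(candidate.name) == digest


def demo() -> dict[str, bool]:
    """Run the copy-in bypass against both policies and report each decision."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        exec_dir = root / "allowed_bin"      # the only directory where execution is permitted
        exec_dir.mkdir()
        approved = exec_dir / "approved"
        approved.write_text("#!/bin/sh\necho approved\n")
        manifest = build_manifest(exec_dir)  # taken before untrusted code runs

        # Constructed stand-in for an attacker-controlled command staged
        # outside exec_dir (a real payload would spawn a reverse shell).
        staged = root / "work" / "revshell.sh"
        staged.parent.mkdir()
        staged.write_text("#!/bin/sh\n# connect back to the attacker here\n")

        results = {
            "staged_outside_exec_dir": path_only_policy(exec_dir, staged),
            "approved_passes_manifest": manifest_policy(exec_dir, manifest, approved),
        }

        # Bypass 1: shutil.copy2 the command into exec_dir under a new name.
        copied = Path(shutil.copy2(staged, exec_dir / "revshell.sh"))
        results["copied_passes_path_only"] = path_only_policy(exec_dir, copied)
        results["copied_passes_manifest"] = manifest_policy(exec_dir, manifest, copied)

        # Bypass 2: overwrite an approved name, which also fools a name-only allowlist.
        shutil.copy2(staged, approved)
        results["overwritten_passes_path_only"] = path_only_policy(exec_dir, approved)
        results["overwritten_passes_manifest"] = manifest_policy(exec_dir, manifest, approved)
        return results


if __name__ == "__main__":
    for check, allowed in demo().items():
        print(f"{check:32} -> {'ALLOWED' if allowed else 'denied'}")
```

The path-only policy approves both copied files, which is exactly the class of bypass the advisory describes; the manifest policy rejects them because neither the new name nor the overwritten contents match what was pinned. The digest check is an illustration of checking identity rather than location, not a complete fix: if sandboxed code can still write into the execution directory, a check-then-execute sequence remains racy, so the execution directory must be read-only to the sandbox and the sandbox itself confined by OS-level controls rather than by a directory rule.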

Exploit

Fix

Weakness Enumeration

Code Injection

Related identifiers

CVE-2025-53927
GHSA-5XHM-4J3V-87M4

Affected products

Maxkb