PT-2025-47378 · Unknown · Modular Max Serve
Published 2025-11-18 · Updated 2026-04-08 · CVE-2025-60455
CVSS v3.1: 8.4 (High)
Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Modular Max Serve versions prior to 25.6
Description
Modular Max Serve deserializes data unsafely when the "--experimental-enable-kvcache-agent" feature is enabled, which can allow an attacker to execute arbitrary code. The issue stems from improper handling of deserialized data.
Recommendations
Update Modular Max Serve to version 25.6 or later.
Disable the "--experimental-enable-kvcache-agent" feature.
Exploit
Fix
RCE
Deserialization of Untrusted Data
Weakness Enumeration
Related Identifiers
Affected Products
Modular Max Serve