CVE-2025-53928 | MaxKB up to 1.10.8-lts MCP Call code injection (GHSA-38q2-4mm7-qf5h)

Inserito da Angelo Barbosa | Lug 17, 2025 | CVE

A vulnerability was found in MaxKB up to 1.10.8-lts. It has been declared as critical. This vulnerability affects unknown code of the component MCP Call Handler. The manipulation leads to code injection.

This vulnerability was named CVE-2025-53928. The attack can be initiated remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2025-53928 | MaxKB up to 1.10.8-lts MCP Call code injection (GHSA-38q2-4mm7-qf5h)

Post correlati

CVE-2023-42404 | OneVision Workspace up to 29.031/30.043/31.039 Java EL code injection

CVE-2024-32970 | phlex up to 1.9.2/1.10.1 cross site scripting

CVE-2024-49693 | Kraftplugins Mega Elements Plugin up to 1.2.6 on WordPress cross site scripting

CVE-2025-4032 | inclusionAI AWorld up to 8c257626e648d98d793dd9a1a950c2af4dd84c4e shell_tool.py subprocess.run/subprocess.Popen os command injection (Issue 38)