Cyber Resilience

CVE-2025-53928

Medium · Public PoC

Published: 17 July 2025

Modified: 02 August 2025
KEV Added
Patch
CVSS Score v3.1: 4.6 (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L)
EPSS Score: 0.0208 (84.4th percentile)
Risk Priority: 10 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-53928 is a medium-severity Code Injection (CWE-94) vulnerability in MaxKB. Its CVSS base score is 4.6 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 15.6% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

This vulnerability is AI-related: it is categorised under Enterprise AI Assistants, in the Protocol-Specific Risks risk domain.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

MaxKB, an open-source AI assistant for enterprise use, is affected by a remote command execution vulnerability in its MCP call. The flaw, identified as CVE-2025-53928 and assigned CWE-94, exists in all versions prior to 1.10.9-lts and 2.0.0. It carries a CVSS 3.1 score of 4.6, reflecting a network attack vector, high complexity, and limited impacts across confidentiality, integrity, and availability.

An authenticated attacker who can supply crafted input to the MCP call may trigger arbitrary command execution, though successful exploitation requires user interaction and faces high attack complexity that limits the practical impact to partial control over the affected instance.

The project has published fixes in versions 1.10.9-lts and 2.0.0, with details available in the corresponding GitHub security advisory and release notes that recommend immediate upgrade for affected deployments. The associated EPSS score has remained flat at 0.0208 with no material increase since disclosure.

Vulnerability details

MaxKB is an open-source AI assistant for enterprise. Prior to versions 1.10.9-lts and 2.0.0, a Remote Command Execution vulnerability exists in the MCP call. Versions 1.10.9-lts and 2.0.0 fix the issue.

CWE(s): CWE-94

AI Security Analysis

AI Category: Enterprise AI Assistants
Risk Domain: Protocol-Specific Risks
OWASP Top 10 for LLMs 2025: None mapped
Classification Reason: Matched keywords: ai, mcp

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1059 Command and Scripting Interpreter (Execution): Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.

Why these techniques?

The Remote Command Execution vulnerability in the MCP call enables exploitation of a public-facing application (T1190) to execute arbitrary commands using command and scripting interpreters (T1059).

CVEs Like This One

CVE-2026-39421 (same product: MaxKB)
CVE-2026-39418 (same product: MaxKB)
CVE-2024-56137 (same product: MaxKB)
CVE-2026-39420 (same product: MaxKB)
CVE-2026-27577 (shared CWE-94)
CVE-2024-54756 (shared CWE-94)
CVE-2024-21760 (shared CWE-94)
CVE-2024-55028 (shared CWE-94)
CVE-2025-2303 (shared CWE-94)
CVE-2026-41258 (shared CWE-94)

Affected Assets

maxkb
maxkb
≤ 1.10.9

Mitigating Controls

Mitigating Controls (NIST 800-53 r5)

Prevent: Enforces validation of all inputs to the MCP call, directly blocking the unsanitized data that enables remote command execution (CWE-94).

Prevent: Requires prompt application of the vendor-supplied patches in versions 1.10.9-lts and 2.0.0 that eliminate the MCP-call flaw.

Prevent: Restricts privileges of accounts that can invoke MCP functions, limiting the attack surface that requires only low-privilege access.
