CVE-2025-53928
Published: 17 July 2025
Summary
CVE-2025-53928 is a medium-severity Code Injection (CWE-94) vulnerability in MaxKB. Its CVSS base score is 4.6 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 15.6% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
This vulnerability is AI-related — categorised as Enterprise AI Assistants; in the Protocol-Specific Risks risk domain.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
MaxKB, an open-source AI assistant for enterprise use, is affected by a remote command execution vulnerability in its MCP call. The flaw, identified as CVE-2025-53928 and assigned CWE-94, exists in all versions prior to 1.10.9-lts and 2.0.0 and carries a CVSS 3.1 score of 4.6 reflecting network attack vector, high complexity, and limited impacts across confidentiality, integrity, and availability.
An authenticated attacker who can supply crafted input to the MCP call may trigger arbitrary command execution, though successful exploitation requires user interaction and faces high attack complexity that limits the practical impact to partial control over the affected instance.
The project has published fixes in versions 1.10.9-lts and 2.0.0, with details available in the corresponding GitHub security advisory and release notes that recommend immediate upgrade for affected deployments. The associated EPSS score has remained flat at 0.0208 with no material increase since disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-21771
Vulnerability details
MaxKB is an open-source AI assistant for enterprise. Prior to versions 1.10.9-lts and 2.0.0, a Remote Command Execution vulnerability exists in the MCP call. Versions 1.10.9-lts and 2.0.0 fix the issue.
- CWE(s)
AI Security Analysis
- AI Category: Enterprise AI Assistants
- Risk Domain: Protocol-Specific Risks
- OWASP Top 10 for LLMs 2025: None mapped
- Classification Reason: Matched keywords: ai, mcp
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Remote Command Execution vulnerability in MCP call enables exploitation of a public-facing application (T1190) to execute arbitrary commands using command and scripting interpreters (T1059).
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
Enforces validation of all inputs to the MCP call, directly blocking the unsanitized data that enables remote command execution (CWE-94).
Requires prompt application of the vendor-supplied patches in versions 1.10.9-lts and 2.0.0 that eliminate the MCP-call flaw.
Restricts privileges of accounts that can invoke MCP functions, limiting the attack surface that requires only low-privilege access.