CVE-2025-4546

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-4546

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-4546.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-4546

Published

2025-05-11T20:15:18.107Z

Modified

2026-04-10T05:27:10.974325Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A vulnerability was found in 1Panel-dev MaxKB up to 1.10.7. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Knowledge Base Module. The manipulation leads to csv injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.10.8 is able to address this issue. It is recommended to upgrade the affected component. The vendor was contacted early about this disclosure.

References

Affected packages

Git / github.com/1panel-dev/maxkb

Affected ranges

Type

GIT

Repo

https://github.com/1panel-dev/maxkb

Events

Introduced

Last affected

a1d5c83f2fdd4a2564af1a943f0c169aec7b1909

Introduced

50f2c9629d2a3e075dc57c506d8ad19a50407f27

Last affected

79b2de8893c8300cd219883c1ab56ef34df40dab

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.9.1"
        },
        {
            "introduced": "1.10.0"
        },
        {
            "last_affected": "1.10.7"
        }
    ]
}

Affected versions

v0.*

v0.9.0

v0.9.1

v1.*

v1.0.0

v1.0.1

v1.1.0

v1.1.1

v1.1.2

v1.1.3

v1.10.0-lts

v1.10.1-lts

v1.10.2-lts

v1.10.3-lts

v1.10.6-lts

v1.10.7-lts

v1.2.0

v1.2.1

v1.3.0

v1.4.0

v1.5.0

v1.6.0

v1.6.1

v1.7.0

v1.9.0

v1.9.1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-4546.json"