CVE-2025-60455

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-60455

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-60455.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-60455

Aliases

GHSA-7xcv-9j6c-2fmc

Published

2025-11-18T19:15:49.800Z

Modified

2026-03-15T22:51:39.693958Z

Severity

8.4 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Unsafe Deserialization vulnerability in Modular Max Serve before 25.6, specifically when the "--experimental-enable-kvcache-agent" feature is used allowing attackers to execute arbitrary code.

References

Affected packages

Git / github.com/modular/modular

Affected ranges

Type

GIT

Repo

https://github.com/modular/modular

Events

Introduced

Fixed

f2f9aa604e175a65407235704bbe52ddf9df038b

Fixed

10620059fb5c47fb0c30e5d21a8ff3b8d622fba4

Fixed

b20e749fa892dbe772e890a268002f732164d9f5

Fixed

ee9c4ab02345dd30bed8b79771b6909ff1b930a1

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "25.6.0"
        }
    ]
}

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-60455.json"