CVE-2025-4546

Summary

A vulnerability was found in 1Panel-dev MaxKB up to 1.10.7. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Knowledge Base Module. The manipulation leads to csv injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.10.8 is able to address this issue. It is recommended to upgrade the affected component. The vendor was contacted early about this disclosure.

Affected Software

VendorProductVersion RangeStatus
1Panel-devMaxKB1.10.0affected
1Panel-devMaxKB1.10.1affected
1Panel-devMaxKB1.10.2affected
1Panel-devMaxKB1.10.3affected
1Panel-devMaxKB1.10.4affected
1Panel-devMaxKB1.10.5affected
1Panel-devMaxKB1.10.6affected
1Panel-devMaxKB1.10.7affected

Weaknesses

  • CWE-1236: CSV Injection
  • CWE-74: Injection

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

Additional References

References