Vulnerabilities

CVE-2025-60455

by Fred · 18/11/2025

Unsafe Deserialization vulnerability in Modular Max Serve before 25.6, specifically when the “–experimental-enable-kvcache-agent” feature is used allowing attackers to execute arbitrary code.

More information : https://github.com/modular/modular/blame/main/max/serve/kvcache_agent/kvcache_agent.py#L220

Similar

Tags: Cybersecurity Alert