CVE-2025-64703: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor in 1Panel-dev MaxKB
MaxKB is an open-source AI assistant for enterprise. In versions prior to 2.3.1, a user can obtain sensitive information through Python code in the tool module, even though the process runs in a sandbox. Version 2.3.1 fixes the issue.
AI Analysis
Technical Summary
CVE-2025-64703 is a vulnerability classified under CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor) affecting the open-source AI assistant MaxKB developed by 1Panel-dev. The flaw exists in versions prior to 2.3.1 and involves the execution of Python code within a tool module that is intended to run in a sandboxed environment. Despite sandboxing, the vulnerability allows a user with limited privileges to access sensitive information that should otherwise be protected. The sandbox isolation is insufficient, permitting leakage of confidential data through the Python code execution path. The CVSS v3.1 score of 6.3 reflects medium severity: network attack vector (AV:N), low attack complexity (AC:L), low privileges required (PR:L), no user interaction (UI:N), unchanged scope (S:U), and low impact on confidentiality, integrity, and availability (C:L/I:L/A:L). In other words, an attacker who already holds some level of access to the system can exploit the vulnerability remotely without needing to trick a user. The vulnerability could lead to unauthorized disclosure of sensitive enterprise data handled by the AI assistant, potentially exposing intellectual property or personal data. The issue was addressed in MaxKB version 2.3.1, which should be applied promptly. No public exploits or active exploitation have been reported, but the vulnerability's nature makes it a concern for organizations relying on MaxKB for AI-driven enterprise assistance.
Potential Impact
For European organizations, the exposure of sensitive information through this vulnerability could lead to data breaches involving proprietary business information or personal data protected under GDPR. The compromise of confidentiality may result in reputational damage, regulatory penalties, and loss of competitive advantage. Integrity and availability impacts, while rated low, could still disrupt AI assistant functionality, affecting business operations. Organizations in sectors with high reliance on AI tools for knowledge management, such as finance, manufacturing, and technology, are particularly at risk. The requirement for low privileges to exploit the vulnerability means that insider threats or compromised user accounts could be leveraged to extract sensitive data. Given the GDPR framework, unauthorized data exposure could trigger mandatory breach notifications and fines, increasing the regulatory impact. The absence of known exploits in the wild reduces immediate risk but does not eliminate the potential for future attacks, especially as threat actors often target AI and enterprise tools.
Mitigation Recommendations
European organizations should immediately upgrade MaxKB to version 2.3.1 or later to remediate the vulnerability. Until patching is complete, restrict access to MaxKB instances to trusted users only and enforce strict privilege management to minimize the number of users with the required privileges to exploit the vulnerability. Implement network segmentation and firewall rules to limit exposure of MaxKB services to internal networks or authorized endpoints. Conduct thorough audits of user accounts and monitor logs for unusual Python code execution or data access patterns within MaxKB. Employ data loss prevention (DLP) solutions to detect and block unauthorized data exfiltration attempts. Additionally, review sandbox configurations and consider additional containment controls to prevent code execution from leaking sensitive information. Train staff on the risks associated with privilege misuse and enforce strong authentication mechanisms to reduce the risk of compromised credentials being used for exploitation.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Italy
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-11-10T14:07:42.920Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 6916001feb29b6dceb02d4a7
Added to database: 11/13/2025, 3:58:23 PM
Last enriched: 11/13/2025, 4:06:07 PM
Last updated: 11/14/2025, 5:08:39 AM