Vulnerability in 1panel-dev Maxkb
CVE-2025-4546
A vulnerability was found in 1Panel-dev MaxKB up to 1.10.7. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Knowledge Base Module. The manipulation leads to CSV injection. The a…
EPSS: 0.003 (54.4th percentile)
CVSS v3 metric
CVSS v3 base score 4.7 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L.
Affected products
- 1panel-dev Maxkb — versions 1.10.0, 1.10.1, 1.10.2
Weakness classification (CWE)
- CWE-1236: Improper Neutralization of Formula Elements in a CSV File
References
- VDB-308293 | 1Panel-dev MaxKB Knowledge Base Module csv injection (vdb-entry)
- VDB-308293 | CTI Indicators (IOB, IOC) (signature, permissions-required)
- Submit #566517 | 1Panel-dev MaxKB v1.10.6-lts CWE:1236 (third-party-advisory)
- github.com/yaowenxiao721/Poc/blob/main/MaxKB/MaxKB-poc1.md (exploit)
Frequently asked questions
- What is CVE-2025-4546?
  CVE-2025-4546 is a medium-severity vulnerability in 1panel-dev Maxkb, classified under Improper Neutralization of Formula Elements in a CSV File. CVSS score: 4.7/10. Published 2025-05-11.
- How severe is CVE-2025-4546?
  Medium severity. CVSS v3 base score is 4.7 out of 10.