{"id":"CVE-2025-60455","details":"Unsafe Deserialization vulnerability in Modular Max Serve before 25.6, specifically when the \"--experimental-enable-kvcache-agent\" feature is used, allowing attackers to execute arbitrary code.","aliases":["GHSA-7xcv-9j6c-2fmc"],"modified":"2026-04-02T13:01:36.265736Z","published":"2025-11-18T19:15:49.800Z","references":[{"type":"WEB","url":"https://github.com/modular/modular/blame/main/max/serve/kvcache_agent/kvcache_agent.py#L220"},{"type":"FIX","url":"https://github.com/modular/modular/commit/10620059fb5c47fb0c30e5d21a8ff3b8d622fba4"},{"type":"FIX","url":"https://github.com/modular/modular/commit/b20e749fa892dbe772e890a268002f732164d9f5"},{"type":"FIX","url":"https://github.com/modular/modular/commit/ee9c4ab02345dd30bed8b79771b6909ff1b930a1"},{"type":"FIX","url":"https://github.com/modular/modular/issues/4795"},{"type":"EVIDENCE","url":"https://www.oligo.security/blog/shadowmq-how-code-reuse-spread-critical-vulnerabilities-across-the-ai-ecosystem"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/modular/modular","events":[{"introduced":"0"},{"fixed":"f2f9aa604e175a65407235704bbe52ddf9df038b"},{"fixed":"10620059fb5c47fb0c30e5d21a8ff3b8d622fba4"},{"fixed":"b20e749fa892dbe772e890a268002f732164d9f5"},{"fixed":"ee9c4ab02345dd30bed8b79771b6909ff1b930a1"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"25.6.0"}]}}],"versions":["max/v24.6.0","max/v25.1.0","max/v25.2.0","modular/v25.3.0","modular/v25.4.0","modular/v25.5.0","mojo/v24.5.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-60455.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}