Home > Vulnerability Database > CVE-2025-60455

Mend.io Vulnerability Database

CVE-2025-60455

Good to know:

Date: November 17, 2025

Unsafe Deserialization vulnerability in Modular Max Serve before 25.6, specifically when the "--experimental-enable-kvcache-agent" feature is used allowing attackers to execute arbitrary code.

Severity Score

8.4

Related Resources (9)

Url: https://github.com/modular/modular/issues/4795

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-60455

Url: https://github.com/modular/modular/blame/main/max/serve/kvcache_agent/kvcache_agent.py#L220

Url: https://github.com/modular/modular/commit/ee9c4ab02345dd30bed8b79771b6909ff1b930a1

Url: https://github.com/modular/modular/commit/10620059fb5c47fb0c30e5d21a8ff3b8d622fba4

Url: https://github.com/modular/modular/commit/b20e749fa892dbe772e890a268002f732164d9f5

Url: https://www.oligo.security/blog/shadowmq-how-code-reuse-spread-critical-vulnerabilities-across-the-ai-ecosystem

Url: https://github.com/modular/modular

Url: https://www.mend.io/vulnerability-database/CVE-2025-60455

Severity Score

8.4

Weakness Type (CWE)

Deserialization of Untrusted Data

CWE-502

Top Fix

Upgrade Version

Upgrade to version modular - 25.6.0

Learn More

CVSS v3.1

Base Score:	8.4
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-60455

Good to know:

Date: November 17, 2025

Severity Score

Related Resources (9)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?