CVE-2025-60455

Published November 18th, 2025

View on NVD ↗

CVSS v3

8.4

HIGH

CVSS v2

N/A

Affected

PROJECT

Description

Unsafe Deserialization vulnerability in Modular Max Serve before 25.6, specifically when the "--experimental-enable-kvcache-agent" feature is used allowing attackers to execute arbitrary code.

modular/modular

The Modular Platform (includes MAX & Mojo)

GitHub

26.3K