Modular Max Serve Unsafe Deserialization Vulnerability Allowing Remote Code Execution
Vulnerability
A vulnerability allowing remote code execution has been identified in Modular Max Serve versions prior to 25.6. This issue arises from unsafe deserialization using Python's pickle module, which can execute arbitrary code. The vulnerability is present when the '--experimental-enable-kvcache-agent' feature is enabled, exposing an authenticated ZeroMQ socket that deserializes untrusted data over the network.
Impact
Exploitation of this vulnerability allows for arbitrary code execution on the server where Max Serve is running.
Reproduction
To reproduce this vulnerability, activate the 'KV Cache Agent' feature in Modular Max Serve versions prior to 25.6. This will open a ZeroMQ socket that accepts incoming messages. If an attacker sends a payload that exploits the pickle deserialization vulnerability, they can execute arbitrary code on the server.
Remediation
Update to Modular Max Serve version 25.6 or later, where this vulnerability has been patched. Until the update is applied, avoid running with '--experimental-enable-kvcache-agent' on networks that untrusted hosts can reach.
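As an added example (not code from Modular or from this advisory), the kind of gate a service should put in front of pickle data that arrives over a network socket: a static opcode scan with pickletools, followed by an Unpickler whose find_class refuses every global, so only plain data types can ever load. The sample payloads are constructed here for illustration.

```python
import collections
import io
import pickle
import pickletools

# Opcodes through which a pickle stream reaches Python callables. Any of them
# in untrusted input means loading it can run code, which is the failure mode
# behind this advisory. Plain dicts, lists, strings and numbers never need them.
CODE_EXEC_OPCODES = {
    "GLOBAL", "STACK_GLOBAL", "INST", "OBJ", "NEWOBJ", "NEWOBJ_EX",
    "REDUCE", "BUILD", "EXT1", "EXT2", "EXT4",
}


def scan_pickle(data: bytes) -> list[str]:
    """Names of dangerous opcodes found in data, found without loading it."""
    found = []
    try:
        for opcode, _arg, _pos in pickletools.genops(data):
            if opcode.name in CODE_EXEC_OPCODES:
                found.append(opcode.name)
    except Exception:
        found.append("MALFORMED")  # truncated or corrupt stream: treat as unsafe
    return found


class DataOnlyUnpickler(pickle.Unpickler):
    """Unpickler that rejects every global lookup, so no class or function loads."""

    def find_class(self, module, name):
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")


def load_untrusted(data: bytes) -> tuple[str, object]:
    """Two-layer gate: opcode scan first, then the restricted unpickler.

    Returns ("ok", value) or ("rejected", reason) so callers never see an
    exception-driven code path from attacker-controlled bytes.
    """
    bad = scan_pickle(data)
    if bad:
        return "rejected", f"opcodes {sorted(set(bad))}"
    try:
        return "ok", DataOnlyUnpickler(io.BytesIO(data)).load()
    except pickle.UnpicklingError as exc:
        return "rejected", str(exc)


# Constructed samples: a harmless cache-metadata dict, and an object whose
# pickle must reference a global (no malicious payload is needed to show it).
SAFE_SAMPLE = pickle.dumps({"layer": 3, "keys": [1.0, 2.0]}, protocol=4)
UNSAFE_SAMPLE = pickle.dumps(collections.OrderedDict(), protocol=4)
```

The restricted unpickler alone already stops the OrderedDict sample; the opcode scan is the cheaper first check and also catches malformed streams before any unpickler runs.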