CVE-2025-60455: 
Python 脆弱性の分析と軽減

A critical Remote Code Execution (RCE) vulnerability was discovered in Modular Max Serve before version 25.6 (CVE-2025-60455). The vulnerability specifically affects installations where the '--experimental-enable-kvcache-agent' feature is enabled, allowing attackers to execute arbitrary code through unsafe deserialization (Oligo Security, Hacker News).

The vulnerability stems from the unsafe implementation of ZeroMQ (ZMQ) communications combined with Python's pickle deserialization in the KV Cache Agent component. The issue was discovered as part of a broader pattern dubbed 'ShadowMQ', where unsafe deserialization patterns were propagated through code reuse across multiple AI frameworks. The vulnerable code was identified in the kvcacheagent.py file, specifically related to the recvpyobj() method which used pickle for deserialization over unauthenticated network sockets (GitHub Commit).

The vulnerability could allow attackers to execute arbitrary code on affected systems, potentially leading to complete system compromise. As Modular Max Server is used in AI infrastructure processing sensitive data across GPU clusters, successful exploitation could enable attackers to execute malicious code, escalate privileges to other internal systems, exfiltrate model data or secrets, and potentially install GPU-based cryptominers (Oligo Security).

The vulnerability has been patched in Modular Max Server version 25.6 by replacing pickle with msgpack for serialization. Organizations are advised to update to the patched version immediately. For those unable to update, it's recommended to avoid using pickle with untrusted data, implement authentication (HMAC or TLS) for ZMQ communications, and restrict network access to ZMQ endpoints (Oligo Security).