CVE-2025-60455

Modular Max Serve contains an unsafe deserialization vulnerability (CVE-2025-60455) that can lead to arbitrary code execution when the --experimental-enable-kvcache-agent feature is enabled. Affected versions are prior to 25.6; exploit would require local access (attack vector LOCAL) with no user...