CVE-2025-60455 — Modular Max Serve unsafe deserialization

The modular package (PyPI) in versions earlier than 25.6.0 is vulnerable to unsafe deserialization in Max Serve. If the service is deployed with --experimental-enable-kvcache-agent, this can become remote code execution.

Affected versions

  • modular (PyPI): >=0, <25.6.0 — vulnerable.
  • modular (PyPI): 25.6.0+ — patched.

Indicator-of-exposure

Exposure requires all of the following:

  • The deployed package version resolves to <25.6.0.
  • Max Serve is started with --experimental-enable-kvcache-agent.
  • Untrusted or cross-tenant input reaches that path.

Quick checks:

python -m pip show modular
ps aux | grep -E 'max serve|kvcache|experimental-enable-kvcache-agent'
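The exposure rule above as a runnable check, added here as an example (not from the advisory or from Modular's own tooling): it flags exact `modular` pins below 25.6.0 in requirement lines, treats pre-releases of 25.6.0 as unpatched, and scans captured Max Serve command lines for the experimental flag. The requirement and process lines are constructed; the `--flag=value` spelling is assumed to be accepted and is checked alongside the bare flag.

```python
import re
import shlex

PATCHED = (25, 6, 0, 1)  # last element: 1 = final release, 0 = pre-release
RISKY_FLAG = "--experimental-enable-kvcache-agent"
_VER = re.compile(r"(\d+)(?:\.(\d+))?(?:\.(\d+))?\.?(a|b|rc|dev)?", re.I)
_REQ = re.compile(r"^modular(?![\w.\-])\s*(?:\[[^\]]*\])?\s*"
                  r"(===|==|~=|>=|<=|>|<)?\s*([0-9][\w.\-]*)?", re.I)

def parse_version(text):
    """Map '25.5.0', '25.4' or '25.6.0rc1' to a tuple comparable with PATCHED."""
    m = _VER.match(text.strip())
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    major, minor, patch, pre = m.groups()
    # A pre-release of 25.6.0 sorts below the final release (PEP 440): treat it as unpatched.
    return (int(major), int(minor or 0), int(patch or 0), 0 if pre else 1)

def is_vulnerable_version(text):
    """True for any modular release older than 25.6.0."""
    return parse_version(text) < PATCHED

def classify_requirements(lines):
    """'vulnerable' = exact pin below 25.6.0, 'fixed' = exact pin at/above it, 'review' = other."""
    results = []
    for raw in lines:
        spec = raw.split("#", 1)[0].strip()
        m = _REQ.match(spec)
        if not m:
            continue
        op, ver = m.groups()
        if op in ("==", "===") and ver:
            status = "vulnerable" if is_vulnerable_version(ver) else "fixed"
        else:
            status = "review"  # floors, ranges and unpinned specs may still resolve to an old release
        results.append((spec, status))
    return results

def uses_risky_flag(command_line):
    """True when a Max Serve command line carries the flag, bare or as --flag=value (assumed form)."""
    argv = shlex.split(command_line)
    return "serve" in argv and any(a == RISKY_FLAG or a.startswith(RISKY_FLAG + "=") for a in argv)

def is_exposed(installed_version, command_lines):
    """Both advisory conditions; whether untrusted input reaches the agent is a deployment question."""
    return is_vulnerable_version(installed_version) and any(uses_risky_flag(c) for c in command_lines)

# Constructed sample inputs, not taken from any real deployment.
SAMPLE_REQUIREMENTS = ["modular==25.5.0  # requirements.txt", "modular>=25.4", "numpy==1.26.4"]
SAMPLE_PROCESSES = ["max serve --model-path /models/example --experimental-enable-kvcache-agent",
                    "python -m http.server 8000"]
```

Feed it the output of `pip show modular` (version line) and `ps` command lines; anything tagged `review` still needs the resolved lockfile checked by hand.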

Remediation strategy

  1. Upgrade to modular>=25.6.0 everywhere (requirements.txt, lockfiles, image build manifests).
  2. Disable --experimental-enable-kvcache-agent by default until upgrade rollout and validation are complete.
  3. Redeploy services and rotate secrets reachable by affected processes if there is any suspicion of exploitation.
  4. Review runtime logs during the exposure window for suspicious requests or crashes.

The prompt

You are remediating CVE-2025-60455 (Modular Max Serve unsafe deserialization).

Output exactly one of:
- A PR upgrading to modular 25.6.0+ and removing risky runtime
  flag usage, or
- TRIAGE.md when a safe upgrade cannot be shipped now.

## Step 0 — Detect
1. Find every direct/transitive `modular` dependency and lockfile.
2. Confirm runtime invocations for Max Serve and detect use of
   `--experimental-enable-kvcache-agent`.

## Step 1 — Remediate
1. Bump all manifests/locks to `modular>=25.6.0`.
2. Remove or hard-disable `--experimental-enable-kvcache-agent`
   from production runtime profiles.
3. Update deployment artifacts and operational runbooks.

## Step 2 — Verify
1. Dependency graph resolves to `modular 25.6.0+` in all targets.
2. Startup/config output confirms the experimental flag is absent
   from production workloads.
3. CI tests and smoke checks pass.

## Stop conditions
- Upgrade causes unresolved dependency conflicts.
- Service functionality depends on the experimental flag and no
  compensating control exists.
- You cannot determine production runtime flags with confidence.

If any stop condition is met, produce TRIAGE.md with blockers,
containment actions, owner, and follow-up date.

Verification — what the reviewer looks for

  • No manifest or lockfile keeps modular below 25.6.0.
  • Production runtime configs no longer enable the experimental kvcache agent.
  • Build/test/deploy checks pass after the dependency change.

Watch for

  • Hidden second copies of modular in transitive lockfiles.
  • Rollback artifacts still launching with the experimental flag.
  • Environment drift between development and production configs.

Sources

  • GitHub Advisory: GHSA-7xcv-9j6c-2fmc
  • CVE: CVE-2025-60455