CVE-2025-66419

EPSS 0.27%
Veröffentlicht 11.12.2025 21:39:15
Zuletzt bearbeitet 15.12.2025 18:05:09
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

MaxKB vulnerable to privilege escalation through sandbox bypass

MaxKB is an open-source AI assistant for enterprise. In versions 2.3.1 and below, the tool module allows an attacker to escape the sandbox environment and escalate privileges under certain concurrent conditions. This issue is fixed in version 2.4.0.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Maxkb ≫ Maxkb SwEdition- Version < 2.4.0

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.27%	0.187

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	10	3.9	6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
security-advisories@github.com	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

https://github.com/1Panel-dev/MaxKB/security/advisories/GHSA-f9qm-2pxq-fx6c

Vendor Advisory

https://github.com/1Panel-dev/MaxKB/commit/f8ada9a110c4dbef8c3c2636c78847ecd621ece7

Patch

https://github.com/1Panel-dev/MaxKB/releases/tag/v2.4.0

Release Notes

https://nvd.nist.gov/vuln/detail/CVE-2025-66419

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-66419

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-66419

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-66419