CVE-2025-66419

High CVSS: 8.8

MaxKB is an open-source AI assistant for enterprise. In versions 2.3.1 and below, the tool module allows an attacker to escape the sandbox environment and escalate privileges under certain concurrent conditions. This issue is fixed in version 2.4.0.

Vendor

Maxkb

Product

Maxkb

CWE

CWE-362

Yayın Tarihi

2025-12-11 22:15:55

Güncelleme

2025-12-15 18:05:09

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-362 Maxkb HIGH Maxkb 2025

Referanslar

https://github.com/1Panel-dev/MaxKB/commit/f8ada9a110c4dbef8c3c2636c78847ecd621ece7 https://github.com/1Panel-dev/MaxKB/releases/tag/v2.4.0 https://github.com/1Panel-dev/MaxKB/security/advisories/GHSA-f9qm-2pxq-fx6c

Benzer Kayıtlar

High

CVE-2025-66446

MaxKB is an open-source AI assistant for enterprise. Versions 2.3.1 and below have improper file permissions which allow…

High

CVE-2025-64511

MaxKB is an open-source AI assistant for enterprise. In versions prior to 2.3.1, a user can access internal network serv…

Medium

CVE-2025-64703

MaxKB is an open-source AI assistant for enterprise. In versions prior to 2.3.1, a user can get sensitive informations b…

Medium

CVE-2025-53927

MaxKB is an open-source AI assistant for enterprise. Prior to version 2.0.0, the sandbox design rules can be bypassed be…

Medium

CVE-2025-53928

MaxKB is an open-source AI assistant for enterprise. Prior to versions 1.10.9-lts and 2.0.0, a Remote Command Execution…

Medium

CVE-2025-48950

MaxKB is an open-source AI assistant for enterprise. Prior to version 1.10.8-lts, Sandbox only restricts the execution p…