CVE-2025-66419
- Source
- https://cve.org/CVERecord?id=CVE-2025-66419
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-66419.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-66419
- Aliases
-
- GHSA-f9qm-2pxq-fx6c
- Published
- 2025-12-11T21:39:15.361Z
- Modified
- 2026-03-01T02:54:49.633604Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- MaxKB vulnerable to privilege escalation through sandbox bypass
- Details
-
MaxKB is an open-source AI assistant for enterprise. In versions 2.3.1 and below, the tool module allows an attacker to escape the sandbox environment and escalate privileges under certain concurrent conditions. This issue is fixed in version 2.4.0.
- Database specific
{ "cwe_ids": [ "CWE-362" ], "cna_assigner": "GitHub_M", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/66xxx/CVE-2025-66419.json" }- References
-
- https://github.com/1Panel-dev/MaxKB/commit/f8ada9a110c4dbef8c3c2636c78847ecd621ece7
- https://github.com/1Panel-dev/MaxKB/releases/tag/v2.4.0
- https://github.com/1Panel-dev/MaxKB/security/advisories/GHSA-f9qm-2pxq-fx6c
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/66xxx/CVE-2025-66419.json
- https://nvd.nist.gov/vuln/detail/CVE-2025-66419
Affected packages
Git / github.com/1panel-dev/maxkb
Affected ranges
- Type
- GIT
- Repo
- https://github.com/1panel-dev/maxkb
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed