CVE 8.8 HIGH

MaxKB vulnerable to privilege escalation through sandbox bypass_CVE-2025-66419

December 11, 2025 invoker category_cve

8.8 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Description

MaxKB is an open-source AI assistant for enterprise. In versions 2.3.1 and below, the tool module allows an attacker to escape the sandbox environment and escalate privileges under certain concurrent conditions. This issue is fixed in version 2.4.0.

AI Analysis

Privilege escalation through sandbox bypass in MaxKB versions 2.3.1 and below

Basic Information

ID CVE-2025-66419

Source GitHub_M

Published Dec 11, 2025 at 21:39

Affected Product

Vendor 1Panel-dev

Product MaxKB

Version < 2.4.0

Affected Versions 1Panel-dev MaxKB < 2.4.0

CWE Classification

CWE-362

AI Assessment

AI Score 8.8 / 10

AI Severity High

Vendor 1Panel-dev

Product MaxKB

Version 2.3.1 and below

References

{
    "lastseen": "",
    "description": "MaxKB is an open-source AI assistant for enterprise. In versions 2.3.1 and below, the tool module allows an attacker to escape the sandbox environment and escalate privileges under certain concurrent conditions. This issue is fixed in version 2.4.0.",
    "published": "2025-12-11T21:39:15.361Z",
    "modified": "2025-12-11T21:39:15.361Z",
    "type": "cve",
    "title": "MaxKB vulnerable to privilege escalation through sandbox bypass",
    "source": "GitHub_M",
    "references": "https://github.com/1Panel-dev/MaxKB/security/advisories/GHSA-f9qm-2pxq-fx6c\nhttps://github.com/1Panel-dev/MaxKB/commit/f8ada9a110c4dbef8c3c2636c78847ecd621ece7\nhttps://github.com/1Panel-dev/MaxKB/releases/tag/v2.4.0",
    "id": "CVE-2025-66419",
    "bulletinFamily": "",
    "cwe": [
        "CWE-362"
    ],
    "cvelist": null,
    "sourceData": "1Panel-dev MaxKB < 2.4.0",
    "sourceHref": "",
    "cvss": {
        "score": 8.8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "MaxKB",
    "version": "< 2.4.0",
    "vendor": "1Panel-dev",
    "ai_description": "Privilege escalation through sandbox bypass in MaxKB versions 2.3.1 and below",
    "ai_severity": "High",
    "ai_vendor": "1Panel-dev",
    "ai_product": "MaxKB",
    "ai_version": "2.3.1 and below",
    "ai_score": 8.8
}

💭 Join the Security Discussion ❌ Cancel Reply