VYPR
Unrated severityNVD Advisory· Published Dec 11, 2025· Updated Dec 18, 2025

MaxKB vulnerable to privilege escalation through sandbox bypass

CVE-2025-66419

Description

MaxKB is an open-source AI assistant for enterprise. In versions 2.3.1 and below, the tool module allows an attacker to escape the sandbox environment and escalate privileges under certain concurrent conditions. This issue is fixed in version 2.4.0.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • 1panel Dev/Maxkbllm-fuzzy2 versions
    <= 2.3.1+ 1 more
    • (no CPE)range: <= 2.3.1
    • (no CPE)range: < 2.4.0

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.