Unrated severityNVD Advisory· Published Dec 11, 2025· Updated Dec 18, 2025
MaxKB vulnerable to privilege escalation through sandbox bypass
CVE-2025-66419
Description
MaxKB is an open-source AI assistant for enterprise. In versions 2.3.1 and below, the tool module allows an attacker to escape the sandbox environment and escalate privileges under certain concurrent conditions. This issue is fixed in version 2.4.0.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2<= 2.3.1+ 1 more
- (no CPE)range: <= 2.3.1
- (no CPE)range: < 2.4.0
Patches
Vulnerability mechanics
References
3- github.com/1Panel-dev/MaxKB/commit/f8ada9a110c4dbef8c3c2636c78847ecd621ece7mitrex_refsource_MISC
- github.com/1Panel-dev/MaxKB/releases/tag/v2.4.0mitrex_refsource_MISC
- github.com/1Panel-dev/MaxKB/security/advisories/GHSA-f9qm-2pxq-fx6cmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.