CVE-2025-66419 HIGH

CVE-2025-66419: MaxKB vulnerable to privilege escalation through sandbox bypass

Vendor 1Panel-Dev
Product MaxKB
Weakness CWE-362
Published December 11, 2025
Last update December 18, 2025

CVSS base score

8.8/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High
Availability High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

Description

MaxKB is an open-source AI assistant for enterprise. In versions 2.3.1 and below, the tool module allows an attacker to escape the sandbox environment and escalate privileges under certain concurrent conditions. This issue is fixed in version 2.4.0.

Key dates

Disclosure timeline

December 11, 2025 CVE published
December 18, 2025 Record updated