Home

Description

MaxKB is an open-source AI assistant for enterprise. In versions 2.3.1 and below, the tool module allows an attacker to escape the sandbox environment and escalate privileges under certain concurrent conditions. This issue is fixed in version 2.4.0.

PUBLISHED Reserved 2025-11-28 | Published 2025-12-11 | Updated 2025-12-18 | Assigner GitHub_M




HIGH: 8.8CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Product status

< 2.4.0
affected

References

github.com/.../MaxKB/security/advisories/GHSA-f9qm-2pxq-fx6c

github.com/...ommit/f8ada9a110c4dbef8c3c2636c78847ecd621ece7

github.com/1Panel-dev/MaxKB/releases/tag/v2.4.0

cve.org (CVE-2025-66419)

nvd.nist.gov (CVE-2025-66419)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.