CVE-2025-66419
published 2025-12-11

Priority: P3 58
Severity: critical, 10 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS: 0.27% (18.8th percentile)

MaxKB is an open-source AI assistant for enterprise. In versions 2.3.1 and below, the tool module allows an attacker to escape the sandbox environment and escalate privileges under certain concurrent conditions. This issue is fixed in version 2.4.0.

Affected

2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| 1panel-dev | maxkb | < 2.4.0 | 2.4.0 |
| maxkb | maxkb | < 2.4.0 | 2.4.0 |