CVE-2025-66446
published 2025-12-11

Priority: P3 50 (high)
CVSS 3.1: 7.5 (AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS: 0.31% (22.2th percentile)
MaxKB is an open-source AI assistant for enterprise. Versions 2.3.1 and below have improper file permissions which allow attackers to overwrite the built-in dynamic linker and other critical files, potentially resulting in privilege escalation. This issue is fixed in version 2.4.0.

Affected (2 ranges)

Vendor       Product   Version range   Fixed in
1panel-dev   maxkb     < 2.4.0         2.4.0
maxkb        maxkb     < 2.4.0         2.4.0