CVE-2025-66419 · CRITICAL 10.0 · EPSS percentile 18.7%

Description

MaxKB is an open-source AI assistant for enterprise. In versions 2.3.1 and below, the tool module allows an attacker to escape the sandbox environment and escalate privileges under certain concurrent conditions. This issue is fixed in version 2.4.0.

Scoring

CVSS 3.1: 10.0 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS: 0.27% probability of exploitation · percentile 18.7% · 2026-06-18T12:00:27Z
Published: 2025-12-11
Last modified: 2025-12-15

Underlying weaknesses · 1

CWE-362

References

  1. https://github.com/1Panel-dev/MaxKB/commit/f8ada9a110c4dbef8c3c2636c78847ecd621ece7
  2. https://github.com/1Panel-dev/MaxKB/releases/tag/v2.4.0
  3. https://github.com/1Panel-dev/MaxKB/security/advisories/GHSA-f9qm-2pxq-fx6c

Type: Weakness
Target: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') (cwe-362)
Confidence: 0%
Tier: live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2025-64511
  2. CVE-2025-48950
  3. CVE-2025-53928
  4. CVE-2025-47601
  5. CVE-2025-60455
  6. CVE-2026-6543

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.