Vulnerability Details CVE-2025-66419
MaxKB is an open-source AI assistant for enterprise. In versions 2.3.1 and below, the tool module allows an attacker to escape the sandbox environment and escalate privileges under certain concurrent conditions. This issue is fixed in version 2.4.0.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 10.4%
CVSS Severity
CVSS v3 Score 8.8
References
Products affected by CVE-2025-66419
-
cpe:2.3:a:maxkb:maxkb:0.9.0
-
cpe:2.3:a:maxkb:maxkb:0.9.1
-
cpe:2.3:a:maxkb:maxkb:1.0.0
-
cpe:2.3:a:maxkb:maxkb:1.0.1
-
cpe:2.3:a:maxkb:maxkb:1.0.2
-
cpe:2.3:a:maxkb:maxkb:1.0.3
-
cpe:2.3:a:maxkb:maxkb:1.0.4
-
cpe:2.3:a:maxkb:maxkb:1.1.0
-
cpe:2.3:a:maxkb:maxkb:1.1.1
-
cpe:2.3:a:maxkb:maxkb:1.1.2
-
cpe:2.3:a:maxkb:maxkb:1.1.3
-
cpe:2.3:a:maxkb:maxkb:1.2.0
-
cpe:2.3:a:maxkb:maxkb:1.2.1
-
cpe:2.3:a:maxkb:maxkb:1.3.0
-
cpe:2.3:a:maxkb:maxkb:1.3.1
-
cpe:2.3:a:maxkb:maxkb:1.4.0
-
cpe:2.3:a:maxkb:maxkb:1.4.1
-
cpe:2.3:a:maxkb:maxkb:1.5.0
-
cpe:2.3:a:maxkb:maxkb:1.5.1
-
cpe:2.3:a:maxkb:maxkb:1.6.0
-
cpe:2.3:a:maxkb:maxkb:1.6.1
-
cpe:2.3:a:maxkb:maxkb:1.7.0
-
cpe:2.3:a:maxkb:maxkb:1.7.1
-
cpe:2.3:a:maxkb:maxkb:1.7.2
-
cpe:2.3:a:maxkb:maxkb:1.8.0
-
cpe:2.3:a:maxkb:maxkb:1.8.1
-
cpe:2.3:a:maxkb:maxkb:1.9.0
-
cpe:2.3:a:maxkb:maxkb:1.9.1
-
cpe:2.3:a:maxkb:maxkb:2.0.1
-
cpe:2.3:a:maxkb:maxkb:2.0.2
-
cpe:2.3:a:maxkb:maxkb:2.1.0
-
cpe:2.3:a:maxkb:maxkb:2.1.1
-
cpe:2.3:a:maxkb:maxkb:2.1.2
-
cpe:2.3:a:maxkb:maxkb:2.2.0
-
cpe:2.3:a:maxkb:maxkb:2.2.1
-
cpe:2.3:a:maxkb:maxkb:2.3.0
-
cpe:2.3:a:maxkb:maxkb:2.3.1