CVE-2025-66419

CVSS v3.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions MaxKB versions prior to 2.4.0

Description MaxKB, an open-source AI assistant for enterprise, contains a flaw in the tool module that allows an attacker to escape the sandbox environment and gain elevated privileges. This occurs under specific concurrent conditions.

Recommendations Update to version 2.4.0 or later.

Exploit

Fix

LPE

Race Condition

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-362

Related Identifiers

CVE-2025-66419

GHSA-F9QM-2PXQ-FX6C

Affected Products

Maxkb

CVE-2025-66419

Weakness Enumeration

Related Identifiers

Affected Products

References · 8