exploitDog

CVE-2025-66419

Опубликовано: 11 дек. 2025

Источник: nvd

CVSS3: 8.8

CVSS3: 10

EPSS Низкий

Описание

MaxKB is an open-source AI assistant for enterprise. In versions 2.3.1 and below, the tool module allows an attacker to escape the sandbox environment and escalate privileges under certain concurrent conditions. This issue is fixed in version 2.4.0.

Ссылки

https://github.com/1Panel-dev/MaxKB/commit/f8ada9a110c4dbef8c3c2636c78847ecd621ece7
Patch
https://github.com/1Panel-dev/MaxKB/releases/tag/v2.4.0
Release Notes
https://github.com/1Panel-dev/MaxKB/security/advisories/GHSA-f9qm-2pxq-fx6c
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:maxkb:maxkb:*:*:*:*:-:*:*:*

Версия до 2.4.0 (исключая)

EPSS

Процентиль: 15%

0.00049

Низкий

8.8 High

CVSS3

10 Critical

CVSS3

Дефекты

CWE-362

EPSS

Процентиль: 15%

0.00049

Низкий

8.8 High

CVSS3

10 Critical

CVSS3

Дефекты

CWE-362