exploitDog

CVE-2025-66446

Опубликовано: 11 дек. 2025

Источник: nvd

CVSS3: 8.8

CVSS3: 7.5

EPSS Низкий

Описание

MaxKB is an open-source AI assistant for enterprise. Versions 2.3.1 and below have improper file permissions which allow attackers to overwrite the built-in dynamic linker and other critical files, potentially resulting in privilege escalation. This issue is fixed in version 2.4.0.

Ссылки

https://github.com/1Panel-dev/MaxKB/releases/tag/v2.4.0
Release Notes
https://github.com/1Panel-dev/MaxKB/security/advisories/GHSA-5xx2-3q9w-jpgf
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:maxkb:maxkb:*:*:*:*:-:*:*:*

Версия до 2.4.0 (исключая)

EPSS

Процентиль: 13%

0.00043

Низкий

8.8 High

CVSS3

7.5 High

CVSS3

Дефекты

CWE-362

EPSS

Процентиль: 13%

0.00043

Низкий

8.8 High

CVSS3

7.5 High

CVSS3

Дефекты

CWE-362