Privilege Escalation Vulnerability in MaxKB AI Assistant by 1Panel
CVE-2025-66419

8.8HIGH

Key Information:

Vendor

1panel-dev

Status
Maxkb
Vendor
CVE Published:
11 December 2025

What is CVE-2025-66419?

The MaxKB AI assistant, an open-source tool by 1Panel, exhibits a vulnerability in versions 2.3.1 and earlier. This issue lies within the tool module, where an attacker, under specific concurrent conditions, can bypass the sandbox environment, allowing for privilege escalation. The vulnerability has been rectified in version 2.4.0, emphasizing the importance of updating to mitigate risks associated with unauthorized access.

Affected Version(s)

MaxKB < 2.4.0

References

https://github.com/1Panel-dev/MaxKB/security/advisories/G...
x_refsource_CONFIRM
https://github.com/1Panel-dev/MaxKB/commit/f8ada9a110c4db...
x_refsource_MISC
https://github.com/1Panel-dev/MaxKB/releases/tag/v2.4.0
x_refsource_MISC

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2025-66419 : Privilege Escalation Vulnerability in MaxKB AI Assistant by 1Panel