What is CVE-2025-66419?

CVE-2025-66419 is a high-severity vulnerability in 1panel-dev Maxkb, classified under Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition). CVSS score: 8.8/10. Published 2025-12-11.

How severe is CVE-2025-66419?

High severity. CVSS v3 base score is 8.8 out of 10.

Vulnerability in 1panel-dev Maxkb

CVE-2025-66419

MaxKB is an open-source AI assistant for enterprise. In versions 2.3.1 and below, the tool module allows an attacker to escape the sandbox environment and escalate privileges under certain concurrent conditions. This issue is fixed in vers…

Vulnerability class: Race Condition

EPSS: 0.000 (14.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

1panel-dev Maxkb — versions < 2.4.0

Weakness classification (CWE)

CWE-362 — Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)

References

https://github.com/1Panel-dev/MaxKB/security/advisories/GHSA-f9qm-2pxq-fx6c (x_refsource_CONFIRM)
https://github.com/1Panel-dev/MaxKB/commit/f8ada9a110c4dbef8c3c2636c78847ecd621ece7 (x_refsource_MISC)
https://github.com/1Panel-dev/MaxKB/releases/tag/v2.4.0 (x_refsource_MISC)

Frequently asked questions

What is CVE-2025-66419?: CVE-2025-66419 is a high-severity vulnerability in 1panel-dev Maxkb, classified under Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition). CVSS score: 8.8/10. Published 2025-12-11.
How severe is CVE-2025-66419?: High severity. CVSS v3 base score is 8.8 out of 10.