CVE-2025-66419
BaseFortify
Publication date: 2025-12-11
Last updated on: 2025-12-15
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| maxkb | maxkb | to 2.4.0 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-362 | The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability in MaxKB versions 2.3.1 and below allows an attacker to escape the sandbox environment and escalate privileges under certain concurrent conditions. This means that an attacker can break out of the restricted execution environment intended to isolate processes and gain higher-level access than normally permitted.
How can this vulnerability impact me? :
This vulnerability can lead to severe impacts including unauthorized access to sensitive data, full control over the affected system, and potential disruption of services. Because the attacker can escalate privileges, they may execute arbitrary code with elevated rights, compromising confidentiality, integrity, and availability.
What immediate steps should I take to mitigate this vulnerability?
Upgrade MaxKB to version 2.4.0 or later, as this version fixes the sandbox escape and privilege escalation vulnerability present in versions 2.3.1 and below.