CVE-2025-66446

8.8 HIGH

📋 TL;DR

CVE-2025-66446 is a privilege escalation vulnerability in MaxKB AI assistant where improper file permissions allow attackers to overwrite critical system files like the dynamic linker. This could enable attackers to gain elevated privileges on affected systems. Organizations running MaxKB versions 2.3.1 or earlier are affected.

💻 Affected Systems

Products:
  • MaxKB
Versions: 2.3.1 and below
Operating Systems: Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Affects default installations of MaxKB. The vulnerability requires local access to the system.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise with root/administrator privileges, allowing complete control over the server and potential lateral movement to other systems.

🟠 Likely Case

Local privilege escalation to root/admin, enabling installation of persistent backdoors, data exfiltration, or further attacks on the network.

🟢 If Mitigated

Limited impact if proper file permission hardening and least privilege principles are already implemented.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local access to the system. The vulnerability is in file permissions, making exploitation relatively straightforward for attackers with local access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.4.0

Vendor Advisory: https://github.com/1Panel-dev/MaxKB/security/advisories/GHSA-5xx2-3q9w-jpgf

Restart Required: Yes

Instructions:

1. Back up your MaxKB configuration and data.
2. Stop the MaxKB service.
3. Update to version 2.4.0 using your package manager or from GitHub releases.
4. Restart the MaxKB service.
5. Verify the update was successful.

🔧 Temporary Workarounds

File Permission Hardening

Linux: manually adjust file permissions on critical MaxKB files to prevent unauthorized writes.

chmod 644 /path/to/maxkb/critical/files
chown root:root /path/to/maxkb/critical/files
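The workaround above is stated with placeholder paths, and a practitioner will want a repeatable check rather than a one-off chmod: the script below audits a list of files for the two conditions the advisory describes (root ownership, no group or world write bit) and can reapply the hardening with chmod go-w, which removes write access without stripping the execute bit. That matters because chmod 644 as written would make an executable such as the dynamic linker non-executable; go-w turns 666 into 644 but leaves 755 untouched. This is an added example, not code from the advisory or from the MaxKB project. The dynamic-linker paths in default_targets are well-known glibc locations and are assumptions about the host; the MaxKB install directory is deployment-specific and must be supplied as an argument.

```shell
#!/bin/sh
# Audit critical files for the permission weakness described in the advisory:
# a file that a non-root user can overwrite. Added example, not MaxKB code.
# Usage: sh audit_perms.sh /path/to/maxkb/critical/file ...
#        (no arguments: audit the well-known dynamic-linker paths only)

# EXPECTED_OWNER lets the check run in a test environment where files are
# not root-owned; in production the default of root is what you want.
: "${EXPECTED_OWNER:=root}"

# check_file_perms FILE
# Returns 0 when FILE is owned by EXPECTED_OWNER and has neither the group
# nor the world write bit set; 1 when any condition fails; 2 when missing.
check_file_perms() {
    f="$1"
    [ -e "$f" ] || { echo "missing: $f"; return 2; }
    mode=$(stat -c '%a' "$f")      # e.g. 644, 755, 4755 (GNU/busybox stat)
    owner=$(stat -c '%U' "$f")
    # Take the last two octal digits as strings so a leading digit such as
    # the setuid 4 in 4755 does not disturb the arithmetic.
    oth=${mode#"${mode%?}"}
    rest=${mode%?}
    grp=${rest#"${rest%?}"}
    status=0
    [ "$owner" = "$EXPECTED_OWNER" ] || { echo "BAD owner $owner (want $EXPECTED_OWNER): $f"; status=1; }
    # Bit value 2 in an octal digit is the write permission.
    [ $(( grp & 2 )) -eq 0 ] || { echo "BAD group-writable ($mode): $f"; status=1; }
    [ $(( oth & 2 )) -eq 0 ] || { echo "BAD world-writable ($mode): $f"; status=1; }
    return $status
}

# harden_file FILE
# Removes group/world write access while preserving the execute bit, then
# sets ownership when running as root (chown needs privilege, so it is
# skipped with a notice otherwise).
harden_file() {
    f="$1"
    chmod go-w "$f" || return 1
    if [ "$(id -u)" -eq 0 ]; then
        chown "$EXPECTED_OWNER":"$EXPECTED_OWNER" "$f" || return 1
    else
        echo "notice: not root, ownership of $f left unchanged"
    fi
    return 0
}

# audit_paths FILE...
# Runs check_file_perms over every argument; returns 1 if any file fails.
audit_paths() {
    bad=0
    for p in "$@"; do
        check_file_perms "$p" || bad=1
    done
    return $bad
}

# default_targets
# Prints the dynamic-linker paths that exist on this host. These are the
# usual glibc locations and are an assumption; adjust for other libcs.
default_targets() {
    for p in /lib64/ld-linux-x86-64.so.2 /lib/ld-linux-aarch64.so.1 /lib/ld-linux.so.2; do
        if [ -e "$p" ]; then echo "$p"; fi
    done
    return 0
}

# Entry point when run as a script: audit the given paths, or the default
# dynamic-linker targets when none are given. Exit status 1 means a finding.
if [ "$#" -gt 0 ]; then
    audit_paths "$@"
elif [ "${AUDIT_DEFAULTS:-0}" = 1 ]; then
    # shellcheck disable=SC2046
    audit_paths $(default_targets)
fi
```

Run it with the paths of the files the vendor advisory identifies as critical, plus the linker: `AUDIT_DEFAULTS=1 sh audit_perms.sh /path/to/maxkb/critical/files`. A non-zero exit is a finding; pairing the check with a cron job or your file integrity monitor gives the ongoing verification that the "If You Can't Patch" section calls for.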

🧯 If You Can't Patch

  • Restrict local access to MaxKB servers to authorized personnel only
  • Implement strict file integrity monitoring on MaxKB installation directories

🔍 How to Verify

Check if Vulnerable:

Check the MaxKB version: if it is 2.3.1 or lower, the system is vulnerable.

Check Version:

maxkb --version or check version in MaxKB web interface

Verify Fix Applied:

Verify that the MaxKB version is 2.4.0 or higher, and check the file permissions on critical system files.

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized file modification attempts in system logs
  • Permission denied errors for critical files
  • Unexpected process execution with elevated privileges

Network Indicators:

  • Unusual outbound connections from MaxKB server
  • SSH/RDP connections from unexpected sources

SIEM Query:

source="system_logs" AND (event="permission_denied" OR event="file_modification") AND process="maxkb"
