CVE-2025-55012

CVSS

No CVSS.

Z

ed is a multiplayer code editor. Prior to version 0.197.3, in the Zed Agent Panel allowed for an AI agent to achieve Remote Code Execution (RCE) by bypassing user permission checks. An AI Agent could have exploited a permissions bypass vulnerability to create or modify a project-specific configuration file, leading to the execution of arbitrary commands on a victim's machine without the explicit approval that would otherwise be required. This vulnerability has been patched in version 0.197.3. A workaround for this issue involves either avoid sending prompts to the Agent Panel, or to limit the AI Agent's file system access.

References

Link	Resource
https://github.com/zed-industries/zed/security/advisories/GHSA-x34m-39xw-g2wr

Configurations

No configuration.

History

12 Aug 2025, 14:25

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-08-11 22:15

Updated : 2025-08-12 14:25

NVD link : CVE-2025-55012

Mitre link : CVE-2025-55012

CVE.ORG link : CVE-2025-55012

JSON object : View

Products Affected

No product.

CWE

CWE-284

Improper Access Control

CWE-288

Authentication Bypass Using an Alternate Path or Channel

{"id": "CVE-2025-55012", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.5, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-08-11T22:15:27.843", "references": [{"url": "https://github.com/zed-industries/zed/security/advisories/GHSA-x34m-39xw-g2wr", "source": "[email protected]"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-284"}, {"lang": "en", "value": "CWE-288"}]}], "descriptions": [{"lang": "en", "value": "Zed is a multiplayer code editor. Prior to version 0.197.3, in the Zed Agent Panel allowed for an AI agent to achieve Remote Code Execution (RCE) by bypassing user permission checks. An AI Agent could have exploited a permissions bypass vulnerability to create or modify a project-specific configuration file, leading to the execution of arbitrary commands on a victim's machine without the explicit approval that would otherwise be required. This vulnerability has been patched in version 0.197.3. A workaround for this issue involves either avoid sending prompts to the Agent Panel, or to limit the AI Agent's file system access."}, {"lang": "es", "value": "Zed es un editor de c\u00f3digo multijugador. Antes de la versi\u00f3n 0.197.3, el Panel de Agente de Zed permit\u00eda que un agente de IA lograra la Ejecuci\u00f3n Remota de C\u00f3digo (RCE) omitiendo las comprobaciones de permisos del usuario. Un agente de IA podr\u00eda haber explotado una vulnerabilidad de evasi\u00f3n de permisos para crear o modificar un archivo de configuraci\u00f3n espec\u00edfico del proyecto, lo que provoc\u00f3 la ejecuci\u00f3n de comandos arbitrarios en el equipo de la v\u00edctima sin la aprobaci\u00f3n expl\u00edcita que de otro modo se requerir\u00eda. Esta vulnerabilidad se ha corregido en la versi\u00f3n 0.197.3. Una soluci\u00f3n alternativa a este problema consiste en evitar el env\u00edo de solicitudes al Panel de Agente o limitar el acceso del agente de IA al sistema de archivos."}], "lastModified": "2025-08-12T14:25:33.177", "sourceIdentifier": "[email protected]"}