CVE-2025-55012

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-55012

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-55012.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-55012

Aliases

GHSA-x34m-39xw-g2wr

Published

2025-08-11T21:25:40.465Z

Modified

2025-12-05T10:20:11.747210Z

Severity

8.5 (High) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVSS Calculator

Summary

Zed AI Agent Remote Code Execution

Details

Zed is a multiplayer code editor. Prior to version 0.197.3, in the Zed Agent Panel allowed for an AI agent to achieve Remote Code Execution (RCE) by bypassing user permission checks. An AI Agent could have exploited a permissions bypass vulnerability to create or modify a project-specific configuration file, leading to the execution of arbitrary commands on a victim's machine without the explicit approval that would otherwise be required. This vulnerability has been patched in version 0.197.3. A workaround for this issue involves either avoid sending prompts to the Agent Panel, or to limit the AI Agent's file system access.

Database specific

{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-284",
        "CWE-288"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/55xxx/CVE-2025-55012.json"
}

References

Affected packages

Git / github.com/zed-industries/zed

Affected ranges

Type

GIT

Repo

https://github.com/zed-industries/zed

Events

Introduced

Fixed

dd60cc285b759e23c9de0eaee9513dc707d212d2

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "0.197.3"
        }
    ]
}

Affected versions

Other

benchmark-m4

nightly-1

collab-v0.*

collab-v0.10.0

collab-v0.11.0

collab-v0.12.0

collab-v0.12.1

collab-v0.12.3

collab-v0.12.4

collab-v0.12.5

collab-v0.13.0

collab-v0.13.1

collab-v0.14.0

collab-v0.14.1

collab-v0.14.2

collab-v0.15.0

collab-v0.16.0

collab-v0.17.0

collab-v0.18.0

collab-v0.19.0

collab-v0.2.0

collab-v0.2.1

collab-v0.2.2

collab-v0.2.3

collab-v0.2.4

collab-v0.2.5

collab-v0.20.0

collab-v0.21.0

collab-v0.22.0

collab-v0.22.1

collab-v0.23.0

collab-v0.23.1

collab-v0.23.2

collab-v0.23.3

collab-v0.24.0

collab-v0.25.0

collab-v0.26.0

collab-v0.27.0

collab-v0.28.0

collab-v0.29.0

collab-v0.29.1

collab-v0.3.0

collab-v0.3.1

collab-v0.3.10

collab-v0.3.11

collab-v0.3.12

collab-v0.3.13

collab-v0.3.14

collab-v0.3.2

collab-v0.3.3

collab-v0.3.4

collab-v0.3.5

collab-v0.3.6

collab-v0.3.7

collab-v0.3.8

collab-v0.3.9

collab-v0.30.0

collab-v0.30.1

collab-v0.31.0

collab-v0.32.0

collab-v0.33.0

collab-v0.34.0

collab-v0.35.0

collab-v0.36.0

collab-v0.36.1

collab-v0.37.0

collab-v0.38.0

collab-v0.39.0

collab-v0.4.0

collab-v0.4.1

collab-v0.4.2

collab-v0.40.0

collab-v0.40.1

collab-v0.41.0

collab-v0.42.0

collab-v0.42.1

collab-v0.43.0

collab-v0.44.0

collab-v0.5.0

collab-v0.5.1

collab-v0.5.2

collab-v0.5.3

collab-v0.5.4

collab-v0.6.0

collab-v0.6.1

collab-v0.6.2

collab-v0.7.0

collab-v0.7.1

collab-v0.7.2

collab-v0.8.0

collab-v0.8.1

collab-v0.8.2

collab-v0.8.3

collab-v0.9.0

v0.*

v0.1

v0.10

v0.10.1

v0.11

v0.11.0

v0.12

v0.13

v0.13.1

v0.14

v0.14.1

v0.15.0

v0.15.1

v0.15.2

v0.16.0

v0.17.0

v0.18.0

v0.18.1

v0.19.0

v0.197.0-pre

v0.197.1-pre

v0.197.2-pre

v0.2

v0.2.1

v0.2.2

v0.20

v0.20.0

v0.21.0

v0.22.0

v0.23.0

v0.24.0

v0.24.1

v0.25.0

v0.26.0

v0.27.0

v0.28.0

v0.28.1

v0.29.0

v0.3

v0.3.1

v0.30.0

v0.31.0

v0.32.0

v0.33.0

v0.34.0

v0.35.0

v0.36.0

v0.36.1

v0.37.0

v0.38.0

v0.39.0

v0.4

v0.40.0

v0.41.0

v0.42.0

v0.43.0

v0.44.0

v0.44.1

v0.45.0

v0.46.0

v0.47.0

v0.47.1

v0.48.0

v0.48.1

v0.49.0

v0.49.1

v0.5

v0.50.0

v0.51.0

v0.51.1

v0.52.0

v0.53.0

v0.53.1

v0.54.0

v0.54.1

v0.55.0

v0.56.0

v0.57.0

v0.58.0

v0.59.0

v0.6

v0.60.0

v0.60.1

v0.60.2

v0.60.3

v0.60.4

v0.61.0

v0.7

v0.8.0

v0.9