{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-55012", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2025-08-04T17:34:24.422Z", "datePublished": "2025-08-11T21:25:40.465Z", "dateUpdated": "2025-08-12T15:40:17.885Z"}, "containers": {"cna": {"title": "Zed AI Agent Remote Code Execution", "problemTypes": [{"descriptions": [{"cweId": "CWE-288", "lang": "en", "description": "CWE-288: Authentication Bypass Using an Alternate Path or Channel", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-284", "lang": "en", "description": "CWE-284: Improper Access Control", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "baseScore": 8.5, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0"}}], "references": [{"name": "https://github.com/zed-industries/zed/security/advisories/GHSA-x34m-39xw-g2wr", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/zed-industries/zed/security/advisories/GHSA-x34m-39xw-g2wr"}], "affected": [{"vendor": "zed-industries", "product": "zed", "versions": [{"version": "< 0.197.3", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-08-11T21:25:40.465Z"}, "descriptions": [{"lang": "en", "value": "Zed is a multiplayer code editor. Prior to version 0.197.3, in the Zed Agent Panel allowed for an AI agent to achieve Remote Code Execution (RCE) by bypassing user permission checks. An AI Agent could have exploited a permissions bypass vulnerability to create or modify a project-specific configuration file, leading to the execution of arbitrary commands on a victim's machine without the explicit approval that would otherwise be required. This vulnerability has been patched in version 0.197.3. A workaround for this issue involves either avoid sending prompts to the Agent Panel, or to limit the AI Agent's file system access."}], "source": {"advisory": "GHSA-x34m-39xw-g2wr", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-08-12T15:40:06.606179Z", "id": "CVE-2025-55012", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-12T15:40:17.885Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-55012", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-08-12T15:40:06.606179Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-12T15:40:13.073Z"}}], "cna": {"title": "Zed AI Agent Remote Code Execution", "source": {"advisory": "GHSA-x34m-39xw-g2wr", "discovery": "UNKNOWN"}, "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 8.5, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH"}}], "affected": [{"vendor": "zed-industries", "product": "zed", "versions": [{"status": "affected", "version": "< 0.197.3"}]}], "references": [{"url": "https://github.com/zed-industries/zed/security/advisories/GHSA-x34m-39xw-g2wr", "name": "https://github.com/zed-industries/zed/security/advisories/GHSA-x34m-39xw-g2wr", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "Zed is a multiplayer code editor. Prior to version 0.197.3, in the Zed Agent Panel allowed for an AI agent to achieve Remote Code Execution (RCE) by bypassing user permission checks. An AI Agent could have exploited a permissions bypass vulnerability to create or modify a project-specific configuration file, leading to the execution of arbitrary commands on a victim's machine without the explicit approval that would otherwise be required. This vulnerability has been patched in version 0.197.3. A workaround for this issue involves either avoid sending prompts to the Agent Panel, or to limit the AI Agent's file system access."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-288", "description": "CWE-288: Authentication Bypass Using an Alternate Path or Channel"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "CWE-284: Improper Access Control"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-08-11T21:25:40.465Z"}}}, "cveMetadata": {"cveId": "CVE-2025-55012", "state": "PUBLISHED", "dateUpdated": "2025-08-12T15:40:17.885Z", "dateReserved": "2025-08-04T17:34:24.422Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2025-08-11T21:25:40.465Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Zed is a multiplayer code editor. Prior to version 0.197.3, in the Zed Agent Panel allowed for an AI agent to achieve Remote Code Execution (RCE) by bypassing user permission checks. An AI Agent could have exploited a permissions bypass vulnerability to create or modify a project-specific configuration file, leading to the execution of arbitrary commands on a victim's machine without the explicit approval that would otherwise be required. This vulnerability has been patched in version 0.197.3. A workaround for this issue involves either avoid sending prompts to the Agent Panel, or to limit the AI Agent's file system access."}, {"lang": "es", "value": "Zed es un editor de c\u00f3digo multijugador. Antes de la versi\u00f3n 0.197.3, el Panel de Agente de Zed permit\u00eda que un agente de IA lograra la Ejecuci\u00f3n Remota de C\u00f3digo (RCE) omitiendo las comprobaciones de permisos del usuario. Un agente de IA podr\u00eda haber explotado una vulnerabilidad de evasi\u00f3n de permisos para crear o modificar un archivo de configuraci\u00f3n espec\u00edfico del proyecto, lo que provoc\u00f3 la ejecuci\u00f3n de comandos arbitrarios en el equipo de la v\u00edctima sin la aprobaci\u00f3n expl\u00edcita que de otro modo se requerir\u00eda. Esta vulnerabilidad se ha corregido en la versi\u00f3n 0.197.3. Una soluci\u00f3n alternativa a este problema consiste en evitar el env\u00edo de solicitudes al Panel de Agente o limitar el acceso del agente de IA al sistema de archivos."}], "id": "CVE-2025-55012", "lastModified": "2025-08-12T14:25:33.177", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.5, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "[email protected]", "type": "Secondary"}]}, "published": "2025-08-11T22:15:27.843", "references": [{"source": "[email protected]", "url": "https://github.com/zed-industries/zed/security/advisories/GHSA-x34m-39xw-g2wr"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}, {"lang": "en", "value": "CWE-288"}], "source": "[email protected]", "type": "Primary"}]}

{}