Home > Vulnerability Database > CVE-2025-55012

Mend.io Vulnerability Database

CVE-2025-55012

Good to know:

Date: August 11, 2025

Zed is a multiplayer code editor. Prior to version 0.197.3, in the Zed Agent Panel allowed for an AI agent to achieve Remote Code Execution (RCE) by bypassing user permission checks. An AI Agent could have exploited a permissions bypass vulnerability to create or modify a project-specific configuration file, leading to the execution of arbitrary commands on a victim's machine without the explicit approval that would otherwise be required. This vulnerability has been patched in version 0.197.3. A workaround for this issue involves either avoid sending prompts to the Agent Panel, or to limit the AI Agent's file system access.

Severity Score

7.8

Related Resources (3)

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-55012

Url: https://github.com/zed-industries/zed/security/advisories/GHSA-x34m-39xw-g2wr

Url: https://www.mend.io/vulnerability-database/CVE-2025-55012

Severity Score

7.8

Weakness Type (CWE)

Improper Access Control

CWE-284

Authentication Bypass Using an Alternate Path or Channel

CWE-288

Top Fix

Upgrade Version

Upgrade to version https://github.com/zed-industries/zed.git - v0.197.3

Learn More

CVSS v3.1

Base Score:	7.8
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-55012

Good to know:

Date: August 11, 2025

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?