CVE-2025-55012 – Zed Agent Panel Remote Code Execution Permissions Bypass

August 11, 2025

CVE ID : CVE-2025-55012

Published : Aug. 11, 2025, 10:15 p.m. | 1 hour, 53 minutes ago

Description : Zed is a multiplayer code editor. Prior to version 0.197.3, in the Zed Agent Panel allowed for an AI agent to achieve Remote Code Execution (RCE) by bypassing user permission checks. An AI Agent could have exploited a permissions bypass vulnerability to create or modify a project-specific configuration file, leading to the execution of arbitrary commands on a victim’s machine without the explicit approval that would otherwise be required. This vulnerability has been patched in version 0.197.3. A workaround for this issue involves either avoid sending prompts to the Agent Panel, or to limit the AI Agent’s file system access.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-54992 – OpenKilda OpenFlow XXE Injection

Next Article CVE-2025-55150 – Stirling-PDF SSRF Vulnerability

Highlights

CVE-2025-53637 – Meshtastic Code Injection Vulnerability

July 10, 2025

CVE ID : CVE-2025-53637

Published : July 10, 2025, 10:15 p.m. | 24 minutes ago

Description : Meshtastic is an open source mesh networking solution. The main_matrix.yml GitHub Action is triggered by the pull_request_target event, which has extensive permissions, and can be initiated by an attacker who forked the repository and created a pull request. In the shell code execution part, user-controlled input is interpolated unsafely into the code. If this were to be exploited, attackers could inject unauthorized code into the repository. This vulnerability is fixed in 2.6.6.

Severity: 4.1 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

GitHub’s CEO Thomas Dohmke steps down, triggering tighter integration of company within Microsoft

bitHuman launches SDK for creating AI avatars

Designing With AI, Not Around It: Practical Advanced Techniques For Product Design Use Cases

Why Companies Are Investing in AI-Powered React.js Development Services in 2025

I found a Google Maps alternative that won’t track you or drain your battery – and it’s free

I tested this new AI podcast tool to see if it can beat NotebookLM – here’s how it did

Microsoft’s new update makes your taskbar a productivity hub – here’s how

Save $50 on the OnePlus Pad 3 plus get a free gift – here’s the deal

Laravel Global Scopes: Automatic Query Filtering

Laravel Global Scopes: Automatic Query Filtering

Building MCP Servers in PHP

Filament v4 is Stable!

I Asked OpenAI’s New Open-Source AI Model to Complete a Children’s School Test — Is It Smarter Than a 10-Year-Old?

I Asked OpenAI’s New Open-Source AI Model to Complete a Children’s School Test — Is It Smarter Than a 10-Year-Old?

Madden NFL 26 Leads This Week’s Xbox Drops—But Don’t Miss These Hidden Gems

ASUS G14 Bulked Up for 2025—Still Sexy, Just a Bit Chonkier

CVE-2025-55012 – Zed Agent Panel Remote Code Execution Permissions Bypass

Update WinRAR tools now: RomCom and others exploiting zero-day vulnerability

WinRAR zero-day exploited in espionage attacks against high-value targets

Nite Riot: Minimalism Gets a Wild Side

CVE-2025-3594 – Liferay Portal Xuggler Path Traversal Remote File Inclusion

Get up to a year of Adobe Creative Cloud access for 40% off

Understanding Input Selectivity in Mamba

CVE-2025-53637 – Meshtastic Code Injection Vulnerability

MedTech in 2025: Leading With Intelligence Across the Device Lifecycle

Cyber Espionage Campaign Hits Russian Aerospace Sector Using EAGLET Backdoor

CVE-2025-49252 – ThemBay Besa PHP Remote File Inclusion

CVE-2025-55012 – Zed Agent Panel Remote Code Execution Permissions Bypass

Related Posts