Zed editor AI agent could bypass permissions for arbitrary code execution
Aug 2025
CVE-2025-55012 (CVSS 8.5) allowed Zed's AI agent to bypass user permission checks and create or modify project configuration files, enabling execution of arbitrary commands without explicit approval. Attackers could trigger this through compromised MCP servers, through malicious repo files, or by tricking users into fetching URLs with hidden instructions.
Incident Details
Perpetrator: AI coding agent
Severity: Facepalm
Blast Radius: All Zed users with Agent Panel prior to version 0.197.3
Tech Stack
Zed Editor, AI Agent Panel