CVE-2025-55523

LOW EPSS 57.7%
Published Aug 21, 202510mo ago · Modified Jun 17, 20261w ago
3.5 CVSS 3.1
Low
Find Similar
Published Aug 21, 2025 10mo ago
Last Modified Jun 17, 2026 1w ago

Description

An issue in the component /api/download_work_dir_file.py of Agent-Zero v0.8.* allows attackers to execute a directory traversal.

CVSS Details

Base Score
3.5
Exploitability
2.1
Impact
1.4
Vector string
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Attack Vector Adjacent
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality Low
Integrity None
Availability None

Threat Intelligence

EPSS Exploit Probability
57.7% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available

Weaknesses 1

CWE-22 Path Traversal Resource Mgmt

Affected Products 1

VendorProductVersionRange
agent-zeroagent-zero*≥0.8  –  ≤0.9.4

References 3

  • github.com https://github.com/agent0ai/agent-zero/issues/687
    ExploitIssue TrackingVendor Advisory
  • github.com https://github.com/frdel/agent-zero/blob/v0.8.7/python/api/download_work_dir_file.py
    Product
  • cve.org https://www.cve.org/CVERecord?id=CVE-2025-6166
    Not Applicable

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.