12 matches found
CVE-2025-68433
Zed, a code editor, has an aribtrary code execution vulnerability in versions prior to 0.218.2-pre. The Zed IDE loads Model Context Protocol MCP configurations from the settings.json file located within a project’s .zed subdirectory. A malicious MCP configuration can contain arbitrary shell...
CVE-2025-68432
Zed, a code editor, has an aribtrary code execution vulnerability in versions prior to 0.218.2-pre. The Zed IDE loads Language Server Protocol LSP configurations from the settings.json file located within a project’s .zed subdirectory. A malicious LSP configuration can contain arbitrary shell...
CVE-2025-68432
Zed, a code editor, has an aribtrary code execution vulnerability in versions prior to 0.218.2-pre. The Zed IDE loads Language Server Protocol LSP configurations from the settings.json file located within a project’s .zed subdirectory. A malicious LSP configuration can contain arbitrary shell...
CVE-2025-68433
Zed, a code editor, has an aribtrary code execution vulnerability in versions prior to 0.218.2-pre. The Zed IDE loads Model Context Protocol MCP configurations from the settings.json file located within a project’s .zed subdirectory. A malicious MCP configuration can contain arbitrary shell...
EUVD-2025-204009
Zed, a code editor, has an aribtrary code execution vulnerability in versions prior to 0.218.2-pre. The Zed IDE loads Model Context Protocol MCP configurations from the settings.json file located within a project’s .zed subdirectory. A malicious MCP configuration can contain arbitrary shell...
CVE-2025-68433 Zed IDE MCP Context Server Configuration Arbitrary Code Execution
Zed, a code editor, has an aribtrary code execution vulnerability in versions prior to 0.218.2-pre. The Zed IDE loads Model Context Protocol MCP configurations from the settings.json file located within a project’s .zed subdirectory. A malicious MCP configuration can contain arbitrary shell...
CVE-2025-68433
CVE-2025-68433 affects Zed IDE prior to 0.218.2-pre. The vulnerability arises from loading MCP configurations from a project/.zed/settings.json without explicit user confirmation, allowing a malicious MCP to execute arbitrary shell commands on the host with the IDE user’s privileges when a projec...
CVE-2025-68432 Zed IDE LSP Binary Configuration Arbitrary Code Execution
Zed, a code editor, has an aribtrary code execution vulnerability in versions prior to 0.218.2-pre. The Zed IDE loads Language Server Protocol LSP configurations from the settings.json file located within a project’s .zed subdirectory. A malicious LSP configuration can contain arbitrary shell...
CVE-2025-68432 Zed IDE LSP Binary Configuration Arbitrary Code Execution
Zed, a code editor, has an aribtrary code execution vulnerability in versions prior to 0.218.2-pre. The Zed IDE loads Language Server Protocol LSP configurations from the settings.json file located within a project’s .zed subdirectory. A malicious LSP configuration can contain arbitrary shell...
EUVD-2025-204010
Zed, a code editor, has an aribtrary code execution vulnerability in versions prior to 0.218.2-pre. The Zed IDE loads Language Server Protocol LSP configurations from the settings.json file located within a project’s .zed subdirectory. A malicious LSP configuration can contain arbitrary shell...
PT-2025-51976
Name of the Vulnerable Software and Affected Versions Zed versions prior to 0.218.2-pre Description The Zed IDE is susceptible to arbitrary code execution through maliciously crafted Model Context Protocol MCP configurations. These configurations, found in the settings.json file within a project’...
PT-2025-51975
Name of the Vulnerable Software and Affected Versions Zed versions prior to 0.218.2-pre Description The Zed IDE is susceptible to arbitrary code execution. The IDE loads Language Server Protocol LSP configurations from the settings.json file within a project’s .zed subdirectory. A malicious LSP...