What is CVE-2025-68433?

CVE-2025-68433 is a high-severity vulnerability in Zed-industries Zed, classified under Command Injection. CVSS score: 7.8/10. Published 2025-12-17.

How severe is CVE-2025-68433?

High severity. CVSS v3 base score is 7.8 out of 10.

RCE in Zed-industries Zed

CVE-2025-68433

Zed, a code editor, has an aribtrary code execution vulnerability in versions prior to 0.218.2-pre. The Zed IDE loads Model Context Protocol (MCP) configurations from the `settings.json` file located within a project’s `.zed` subdirectory…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.000 (9.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.8 (High). Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H.

Affected products

Zed-industries Zed — versions < 0.218.2-pre

Weakness classification (CWE)

CWE-77 — Command Injection

References

https://github.com/zed-industries/zed/security/advisories/GHSA-cv6g-cmxc-vw8j (x_refsource_CONFIRM)
https://zed.dev/blog/secure-by-default (x_refsource_MISC)

Frequently asked questions

What is CVE-2025-68433?: CVE-2025-68433 is a high-severity vulnerability in Zed-industries Zed, classified under Command Injection. CVSS score: 7.8/10. Published 2025-12-17.
How severe is CVE-2025-68433?: High severity. CVSS v3 base score is 7.8 out of 10.