CVE-2025-55523
Published 2025-08-21

An issue in the component /api/download_work_dir_file.py of Agent-Zero v0.8.* allows attackers to execute a directory traversal.

Priority: P2 · 74 · Low · 3.5 (CVSS 3.1)
Vector: AV:A / AC:L / PR:L / UI:N / S:U / C:L / I:N / A:N
Flags: ITW · EXPLOIT · VulnCheck KEV · Exploited in the wild
EPSS: 0.98% (57.7th percentile)
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| agent-zero | agent-zero | 0.8 – 0.9.4 | — |
Detection & IOCs (extracted from sources)

YARA

```yara
rule CVE_2025_55523_AgentZero_PathTraversal {
    strings:
        $re1 = /root:.*:0:0:/
        $hdr = "filename=passwd"
    condition:
        $re1 and $hdr
}
```

- Look for unauthenticated GET requests to /download_work_dir_file with a 'path' parameter containing traversal sequences (e.g., '../' or absolute paths like '/etc/passwd').
- Successful exploitation returns HTTP 200 with a response body matching 'root:.*:0:0:' and a Content-Disposition header containing 'filename=passwd'.
- Shodan/FOFA exposure: identify internet-facing Agent-Zero instances via title:'Agent Zero' or title="Agent Zero" as potential targets.
- The vulnerability is unauthenticated (PR:N/UI:N) — no session or credentials are required to exploit the path traversal endpoint.
- Affected versions are Agent-Zero 0.8.0 through 0.9.4 only; instances outside this range are not vulnerable to this specific issue.
CVSS provenance

| Source | Score | Severity | Vector |
|---|---|---|---|
| NVD (v3.1) | 3.5 | LOW | CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
| VulnCheck | 3.5 | LOW | — |
GHSA
GHSA-gxv2-p3q2-hmw6 · ghsa_unreviewed · 2025-08-21 · CVE-2025-55523 [LOW] · CWE-22
An issue in the component /api/download_work_dir_file.py of Agent-Zero v0.8.* allows attackers to execute a directory traversal.
VulnCheck
agent-zero agent-zero: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') · vulncheck · 2025 · CVSS 3.5 · CVE-2025-55523 [LOW]
An issue in the component /api/download_work_dir_file.py of Agent-Zero v0.8.* allows attackers to execute a directory traversal.
Affected: frdel Agent-Zero
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://app.crowdsec.net/cti/cve-explorer/CVE-2025-55523
No detection rules found.
Nuclei
CVE-2025-55523 [LOW] · Agent-Zero 0.8.0 - 0.9.4 - Arbitrary File Download · nuclei · CVSS 3.5
Agent-Zero v0.8.0 - 0.9.4 contains a path traversal caused by improper validation in /api/download_work_dir_file.py, letting attackers access unauthorized files; exploitation requires a crafted request.
Template:

```yaml
id: CVE-2025-55523

info:
  name: Agent-Zero 0.8.0 - 0.9.4 - Arbitrary File Download
  author: 0x_Akoko
  severity: high
  description: |
    Agent-Zero v0.8.0 - 0.9.4 contains a path traversal caused by improper validation in /api/download_work_dir_file.py, letting attackers access unauthorized files, exploit requires crafted request.
  impact: |
    Attackers can access unauthorized files, potentially exposing sensitive data or system information.
  remediation: |
    Update to the latest version of Agent-Zero
  reference:
    - https://nvd.nist.gov/vuln/detail/
```
No writeups or analysis indexed.
Timeline: 2025-08-21 Published · Exploited in the wild