Directory Traversal Vulnerability in Agent-Zero by frdel
CVE-2025-55523

3.5LOW

Key Information:

Vendor: frdel
Status: Agent-Zero
Vendor: CVE Published:; 21 August 2025

What is CVE-2025-55523?

A vulnerability in the Agent-Zero application allows attackers to exploit the /api/download_work_dir_file.py component. This issue can lead to unauthorized access to sensitive files on the server due to improper validation of user input, enabling a directory traversal attack. Attackers may use this exploit to traverse the directory structure and access confidential information beyond the intended scope.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://github.com/frdel/agent-zero/blob/v0.8.7/python/ap...

https://www.cve.org/CVERecord?id=CVE-2025-6166

https://github.com/agent0ai/agent-zero/issues/687

CVSS V3.1

Score:

3.5

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 21, 2025
Vulnerability Reserved
Aug 13, 2025

JSON

frdel

What is CVE-2025-55523?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.