{"id":"CVE-2025-55523","details":"An issue in the component /api/download_work_dir_file.py of Agent-Zero v0.8.* allows attackers to execute a directory traversal.","modified":"2026-04-10T05:29:59.021828Z","published":"2025-08-21T18:15:34.937Z","references":[{"type":"WEB","url":"https://github.com/frdel/agent-zero/blob/v0.8.7/python/api/download_work_dir_file.py"},{"type":"WEB","url":"https://www.cve.org/CVERecord?id=CVE-2025-6166"},{"type":"REPORT","url":"https://github.com/agent0ai/agent-zero/issues/687"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/agent0ai/agent-zero","events":[{"introduced":"13beedc98e1ef6f15852495b111754134594c701"},{"last_affected":"d0a9444fb8b303266a1a01d43e7804eb45e1d2c4"}],"database_specific":{"versions":[{"introduced":"0.8"},{"last_affected":"0.9.4"}]}}],"versions":["v0.8","v0.8.1","v0.8.1.2","v0.8.2","v0.8.2.1","v0.8.3","v0.8.3.1","v0.8.4","v0.8.4.1","v0.8.4.2","v0.8.5","v0.8.5.1","v0.8.6","v0.8.7","v0.9.0","v0.9.1","v0.9.1-pre","v0.9.1.1","v0.9.1.2","v0.9.3-pre","v0.9.4-pre"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-55523.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}]}