CVE-2025-55523
LOW EXPLOITED NUCLEIagent-zero 0.8-0.9.3 - Path Traversal via /api/download_work_dir_file.py
Title source: llmExploitation Summary
CVE-2025-55523 has been observed exploited in the wild (reported by VulnCheck KEV). A Nuclei detection template is also available.
Description
An issue in the component /api/download_work_dir_file.py of Agent-Zero v0.8.* allows attackers to execute a directory traversal.
Nuclei Templates (1)
Agent-Zero 0.8.0 - 0.9.4 - Arbitrary File Download
HIGHVERIFIEDby 0x_Akoko
Shodan:
title:"Agent Zero"
FOFA:
title="Agent Zero"
References (3)
Core 3
Core References
Exploit, Issue Tracking, Vendor Advisory
https://github.com/agent0ai/agent-zero/issues/687
Not Applicable
https://www.cve.org/CVERecord?id=CVE-2025-6166
Scores
CVSS v3
3.5
EPSS
0.0029
EPSS Percentile
52.7%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
VulnCheck KEV
2025-12-15
CWE
CWE-22
Status
published
Products (1)
agent-zero/agent-zero
0.8 - 0.9.4
Published
Aug 21, 2025
Tracked Since
Feb 18, 2026