CVE-2025-55523
LOW EXPLOITED NUCLEIAgent-Zero <0.8.* - Path Traversal
Title source: llmDescription
An issue in the component /api/download_work_dir_file.py of Agent-Zero v0.8.* allows attackers to execute a directory traversal.
Nuclei Templates (1)
Agent-Zero 0.8.0 - 0.9.4 - Arbitrary File Download
HIGHVERIFIEDby 0x_Akoko
Shodan:
title:"Agent Zero"
FOFA:
title="Agent Zero"
Scores
CVSS v3
3.5
EPSS
0.0028
EPSS Percentile
51.7%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Details
VulnCheck KEV
2025-12-15
CWE
CWE-22
Status
published
Products (1)
agent-zero/agent-zero
0.8 - 0.9.4
Published
Aug 21, 2025
Tracked Since
Feb 18, 2026