CVE-2025-58766
📋 TL;DR
This critical vulnerability in Dyad v0.19.0 and earlier allows attackers to execute arbitrary code on users' systems by crafting malicious web content that automatically executes when loaded in the application's preview window. The attack can bypass Docker container protections, potentially giving attackers full control of affected systems. All users running vulnerable versions of Dyad are affected.
💻 Affected Systems
- Dyad
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise with attacker gaining root/administrator privileges, data theft, ransomware deployment, and persistent backdoor installation.
Likely Case
Local privilege escalation leading to unauthorized access to sensitive data, system configuration changes, and lateral movement within the network.
If Mitigated
Limited impact if running in isolated environments with strict network segmentation and minimal privileges, though code execution would still be possible within the container.
🎯 Exploit Status
The advisory suggests exploitation is straightforward via crafted web content. No public exploit code has been identified at this time.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: v0.20.0 and later
Vendor Advisory: https://github.com/dyad-sh/dyad/security/advisories/GHSA-7fxm-c5xx-7vpq
Restart Required: Yes
Instructions:
1. Stop all Dyad instances.
2. Update to v0.20.0 or later using your package manager or by downloading from the official repository.
3. Restart Dyad services.
🔧 Temporary Workarounds
Disable Preview Functionality
Temporarily disable the preview window feature to prevent exploitation
Check Dyad configuration for preview settings and disable if possible
Network Isolation
Isolate Dyad instances from sensitive networks and the internet
Configure firewall rules to restrict Dyad network access
🧯 If You Can't Patch
- Isolate affected systems from production networks and the internet
- Implement strict application whitelisting and monitor for suspicious process execution
🔍 How to Verify
Check if Vulnerable:
Check Dyad version using 'dyad --version' or equivalent command. If version is 0.19.0 or earlier, the system is vulnerable.
Check Version:
dyad --version
Verify Fix Applied:
After updating, verify version is 0.20.0 or later using 'dyad --version'. Test preview functionality with safe content.
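The version check above, as an added shell example that is not part of this advisory or of the Dyad project: it classifies a version string against the 0.19.0 / 0.20.0 boundary with a proper per-component comparison (so "0.9.0" is not mistaken for newer than "0.20.0"). It assumes versions look like "MAJOR.MINOR.PATCH" with an optional leading "v" and optional pre-release suffix, and that 'dyad --version' prints such a string.

```sh
#!/bin/sh
# Added example, not part of the advisory: classify a Dyad version string as
# vulnerable (0.19.0 and earlier) or fixed (0.20.0 and later) for CVE-2025-58766.
# Assumption: versions look like "MAJOR.MINOR.PATCH", optionally prefixed with "v"
# and optionally followed by a pre-release suffix such as "-beta.1".

FIXED_VERSION="0.20.0"   # first patched release named in the advisory

# normalize VERSION -> prints "MAJOR MINOR PATCH", missing parts filled with 0
normalize() {
  v=${1#v}               # drop a leading "v"
  v=${v%%[!0-9.]*}       # drop everything from the first non-digit/non-dot (pre-release tags)
  set -- $(printf '%s' "$v" | tr '.' ' ') 0 0 0
  printf '%s %s %s' "$1" "$2" "$3"
}

# version_lt A B -> exit status 0 when A is strictly lower than B, component by component
version_lt() {
  set -- $(normalize "$1") $(normalize "$2")
  a1=$1; a2=$2; a3=$3; b1=$4; b2=$5; b3=$6
  [ "$a1" -lt "$b1" ] && return 0
  [ "$a1" -gt "$b1" ] && return 1
  [ "$a2" -lt "$b2" ] && return 0
  [ "$a2" -gt "$b2" ] && return 1
  [ "$a3" -lt "$b3" ]
}

# dyad_vulnerable VERSION -> exit status 0 when VERSION predates the fixed release
dyad_vulnerable() {
  version_lt "$1" "$FIXED_VERSION"
}

# Use the installed binary when present (the advisory's 'dyad --version' check);
# otherwise demonstrate with a constructed version string.
if command -v dyad >/dev/null 2>&1; then
  installed=$(dyad --version 2>/dev/null | grep -o '[0-9][0-9.]*' | head -n 1)
else
  installed="0.19.0"     # constructed sample value, not a real installation
fi
if dyad_vulnerable "$installed"; then
  echo "Dyad $installed: vulnerable to CVE-2025-58766, update to v$FIXED_VERSION or later"
else
  echo "Dyad $installed: fixed version"
fi
```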
📡 Detection & Monitoring
Log Indicators:
- Unusual process execution from Dyad context
- Suspicious network connections originating from Dyad
- Error logs related to preview window failures
Network Indicators:
- Unexpected outbound connections from Dyad instances
- Traffic patterns suggesting command and control communication
SIEM Query:
process.name:"dyad" AND (process.cmdline:*preview* OR process.cmdline:*http*)