CVE-2025-68433 – Zed code editor versions before 0.218.2-pre hav... (How to Fix)

Q: What is the severity of CVE-2025-68433?

CVE-2025-68433 has a CVSS score of 7.7 (HIGH). Zed code editor versions before 0.218.2-pre have an arbitrary code execution vulnerability where malicious MCP configurations in project settings files can execute shell commands automatically when opening projects. This affects all users running vulnerable versions of Zed, particularly developers working with untrusted projects.

📋 TL;DR

Zed code editor versions before 0.218.2-pre have an arbitrary code execution vulnerability where malicious MCP configurations in project settings files can execute shell commands automatically when opening projects. This affects all users running vulnerable versions of Zed, particularly developers working with untrusted projects.

💻 Affected Systems

Products:

Zed

Versions: All versions prior to 0.218.2-pre

Operating Systems: Windows, Linux, macOS

Default Config Vulnerable: ⚠️ Yes

Notes: All default configurations are vulnerable. The vulnerability is triggered by opening any project containing malicious .zed/settings.json files.

📦 What is this software?

Zed by Zed

View all CVEs affecting Zed →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise with attacker gaining full control of the host system with the privileges of the user running Zed, potentially leading to data theft, ransomware deployment, or lateral movement.

🟠

Likely Case

Attackers could steal credentials, install malware, or exfiltrate sensitive project data when developers open malicious projects from untrusted sources.

🟢

If Mitigated

With proper controls, the risk is limited to isolated development environments with minimal privileges and no access to production systems.

🌐 Internet-Facing: MEDIUM

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires user interaction (opening a malicious project) but no authentication. The attack vector is simple and reliable once malicious settings are in place.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 0.218.2-pre

Vendor Advisory: https://github.com/zed-industries/zed/security/advisories/GHSA-cv6g-cmxc-vw8j

Restart Required: Yes

Instructions:

1. Update Zed to version 0.218.2-pre or later. 2. Restart the Zed application. 3. Verify the update by checking the version in Zed's about dialog.

🔧 Temporary Workarounds

Manual settings review

all

Manually inspect .zed/settings.json files in all projects before opening them in Zed

cat .zed/settings.json
type .zed\settings.json

🧯 If You Can't Patch

Avoid opening projects from untrusted sources or repositories
Run Zed with minimal user privileges and in isolated environments

🔍 How to Verify

Check if Vulnerable:

Check Zed version in Help > About or run 'zed --version' in terminal. If version is below 0.218.2-pre, you are vulnerable.

Check Version:

zed --version

Verify Fix Applied:

Confirm Zed version is 0.218.2-pre or higher. The worktree trust mechanism will prompt for trust when opening projects with MCP configurations.

📡 Detection & Monitoring

Log Indicators:

Unexpected shell command execution from Zed process
Creation of suspicious files or processes by Zed

Network Indicators:

Unusual outbound connections from Zed process to external servers

SIEM Query:

process_name:zed AND (command_line:*cmd* OR command_line:*sh* OR command_line:*powershell*)

📊 Metadata

CVE ID: CVE-2025-68433

CVSS v3 Score: 7.7 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

CWE: CWE-77

EPSS Score: 0.03% exploit probability (7.2th percentile)

Published: December 17, 2025

Last Updated: February 19, 2026

🔗 References

https://github.com/zed-industries/zed/security/advisories/GHSA-cv6g-cmxc-vw8j Vendor Advisory,Exploit
https://zed.dev/blog/secure-by-default Product,Release Notes

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-68433, you might also want to check these: