CNNVD-202512-3134 Information

CNNVD ID

CNNVD-202512-3134

CVE-2025-68432

  • CNNVD Published: 2025-12-17

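Description (translated from Chinese)

Zed is an open source code editor from Zed Industries. Zed versions before 0.218.2-pre contain a command injection vulnerability. The vulnerability stems from loading a malicious LSP configuration from the settings.json file in a project's .zed subdirectory, which may lead to arbitrary code execution.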

Description (English)

Zed is an open source code editor from Zed Industries. Versions of Zed before 0.218.2-pre have a command injection vulnerability: a malicious LSP configuration can be loaded from the settings.json file in a project's .zed subdirectory, which could lead to arbitrary code execution.

Hazard Level

Medium

Vulnerability Type

Command injection

Affected Vendor

Zed Industries

Published

2025-12-17

Last Modified

2026-02-24

References

https://github.com/zed-industries/zed/security/advisories/GHSA-29cp-2hmh-hcxj
https://zed.dev/blog/secure-by-default
https://access.redhat.com/security/cve/cve-2025-68432

Patch

https://github.com/zed-industries/zed/releases
