PT-2025-51976 · Zed · Zed

Author: Aaronportnoy
Published: 2025-12-17
Updated: 2025-12-20
CVE: CVE-2025-68433
CVSS v3.1: 7.7 (High)
Vector: AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Zed versions prior to 0.218.2-pre
Description: The Zed IDE is susceptible to arbitrary code execution through maliciously crafted Model Context Protocol (MCP) configurations. These configurations, found in the settings.json file within a project's .zed subdirectory, can contain arbitrary shell commands. These commands execute on the host system with the privileges of the user running the IDE, potentially triggered automatically upon opening a project. The vulnerability stems from the IDE loading MCP configurations without proper validation.
Recommendations: Versions prior to 0.218.2-pre should be updated to version 0.218.2-pre or later. Carefully review the contents of project settings files (.zed/settings.json) before opening new projects in Zed.
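The review step recommended above can be scripted. The following is an added example (not code from the advisory or from the Zed project) that parses a project's .zed/settings.json and reports every object that defines a command before the project is opened; the "context_servers" key in the constructed sample is an assumption about where Zed keeps MCP server definitions, and the walker deliberately does not depend on it.

```python
"""Pre-open review of .zed/settings.json for MCP entries that would spawn a process."""
import json
from typing import Any, Iterator

# Constructed sample settings file. "context_servers" is an assumed key name;
# the program path is a placeholder, not a real tool.
SAMPLE_SETTINGS = """
{
  "tab_size": 2,
  "context_servers": {
    "docs-helper": {
      "command": {"path": "/tmp/untrusted-tool", "args": ["--serve"]}
    }
  }
}
"""


def find_command_entries(node: Any, path: str = "$") -> Iterator[tuple[str, Any]]:
    """Yield (json_path, command_value) for every object carrying a 'command' key,
    wherever it sits in the document, so a renamed or nested section is not missed."""
    if isinstance(node, dict):
        if "command" in node:
            yield path, node["command"]
        for key, value in node.items():
            yield from find_command_entries(value, f"{path}.{key}")
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from find_command_entries(value, f"{path}[{index}]")


def review_settings(text: str) -> list[dict]:
    """Parse strict JSON settings and return one finding per command-bearing entry."""
    findings = []
    for json_path, command in find_command_entries(json.loads(text)):
        if isinstance(command, dict):          # {"path": ..., "args": [...]} form
            program, args = command.get("path"), command.get("args", [])
        elif isinstance(command, list):        # ["prog", "arg", ...] form
            program, args = (command[0] if command else None), command[1:]
        else:                                  # bare string form
            program, args = command, []
        findings.append({"path": json_path, "program": program, "args": list(args)})
    return findings


if __name__ == "__main__":
    for finding in review_settings(SAMPLE_SETTINGS):
        print(f"REVIEW: {finding['path']} would run {finding['program']} "
              f"{' '.join(map(str, finding['args']))}")
```

Any finding means the project would start a process on open and deserves a manual look before the directory is opened in Zed; the script expects strict JSON, so strip comments first if the file carries them.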

Weakness Enumeration: Command Injection

Related Identifiers:
CVE-2025-68433
GHSA-CV6G-CMXC-VW8J

Affected Products: Zed