CVE-2025-6166: Path Traversal in frdel Agent-Zero
A vulnerability was found in frdel Agent-Zero up to 0.8.4. It has been rated as problematic. This issue affects the function image_get of the file /python/api/image_get.py. The manipulation of the argument path leads to path traversal. Upgrading to version 0.8.4.1 is able to address this issue. The identifier of the patch is 5db74202d632306a883ccce7339c5bdba0d16c5a. It is recommended to upgrade the affected component.
AI Analysis
Technical Summary
CVE-2025-6166 is a path traversal vulnerability in frdel Agent-Zero affecting versions 0.8.0 through 0.8.4. It resides in the image_get function of the file /python/api/image_get.py, which does not adequately validate or sanitize the 'path' argument: an attacker with limited privileges (PR:L) can manipulate this parameter to traverse directories outside the intended scope and read any file on the host that the Agent-Zero process itself is permitted to read. Exploitation requires no user interaction (UI:N). The flaw does not allow privilege escalation and does not affect integrity or availability; its impact is limited to confidentiality, through the disclosure of sensitive files. The attack vector is adjacent network (AV:A), meaning the attacker needs some network access to the vulnerable system, for example from the same local network or over a VPN. The CVSS 4.0 base score is 5.1, categorized as medium severity. The issue is fixed in version 0.8.4.1, which contains the patch identified by commit 5db74202d632306a883ccce7339c5bdba0d16c5a. No exploits in the wild were known at the time of publication, and the vulnerability does not propagate beyond the vulnerable component.
Potential Impact
For European organizations using frdel Agent-Zero, this vulnerability could lead to unauthorized disclosure of sensitive files from the environment where the software is deployed. Given the adjacent network attack vector, attackers with network access, such as internal threat actors or compromised devices within the same network segment, could exploit this flaw to read configuration files, credentials, or other sensitive data on the host system, which could in turn support reconnaissance or lateral movement. The impact is particularly relevant for organizations in sectors with stringent data protection requirements, such as finance, healthcare, and critical infrastructure, where exposure of confidential information can lead to regulatory penalties under GDPR and reputational damage. However, because the vulnerability requires some level of authenticated access (low privileges) and network proximity, remote exploitation from the internet without prior access is unlikely. The absence of known exploits reduces immediate risk but does not eliminate the threat, since exploits may be developed after disclosure. Organizations relying on Agent-Zero for automation or monitoring should consider the risk of sensitive data leakage and its compliance implications.
Mitigation Recommendations
1. Immediate upgrade: Organizations should prioritize upgrading frdel Agent-Zero to version 0.8.4.1 or later, which contains the patch that addresses the path traversal vulnerability.
2. Network segmentation: Limit network access to systems running Agent-Zero by enforcing strict network segmentation and access controls, reducing the attack surface to only trusted internal hosts.
3. Principle of least privilege: Ensure that the Agent-Zero service runs with the minimal necessary permissions, restricting file system access to only required directories to minimize the impact of potential path traversal.
4. Input validation: If custom integrations or wrappers around Agent-Zero exist, implement additional input validation and sanitization on parameters passed to the image_get function or similar interfaces.
5. Monitoring and logging: Enable detailed logging of access to the image_get API and monitor for unusual or unauthorized path requests that could indicate exploitation attempts.
6. Incident response readiness: Prepare to investigate and respond to any suspicious activity related to file access on systems running Agent-Zero, including forensic analysis of logs and file access patterns.
7. Vendor communication: Maintain communication with frdel for any further updates or advisories related to Agent-Zero vulnerabilities.
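The following is an added example, not code from Agent-Zero or its patch, illustrating the kind of check the technical summary describes as missing and the validation and monitoring steps in recommendations 4 and 5: a path is accepted only if it resolves inside one base directory, and the same check is run over constructed access-log lines to flag image_get requests whose path escapes that directory. The base directory, function names and log lines are all assumptions made for this example.

```python
# Added example, not Agent-Zero's own code: confine a user-supplied image path to one
# base directory, and reuse that check to flag suspicious image_get requests in a log.
# safe_image_path, scan_access_log and SAMPLE_LOG are all constructed for this example.
import os
from typing import List, Optional, Tuple
from urllib.parse import parse_qs, unquote, urlsplit


def safe_image_path(base_dir: str, user_path: str) -> Optional[str]:
    """Return the resolved path if it stays inside base_dir, otherwise None."""
    decoded = unquote(user_path)  # catch %2e%2e and double-encoded variants
    # Reject empty, NUL-containing and absolute inputs before joining.
    if not decoded or "\x00" in decoded or decoded[0] in "/\\":
        return None
    root = os.path.realpath(base_dir)
    # realpath collapses '..' and symlinks on the joined path, not on the raw input,
    # so the comparison below is made on what open() would actually touch.
    candidate = os.path.realpath(os.path.join(root, decoded))
    # commonpath (not startswith) blocks the prefix trick: /srv/images vs /srv/images2.
    if candidate == root or os.path.commonpath([root, candidate]) != root:
        return None
    return candidate


# Constructed access-log lines in the form "client method request status".
SAMPLE_LOG = [
    "10.0.0.5 GET /api/image_get?path=cat.png 200",
    "10.0.0.9 GET /api/image_get?path=../../etc/passwd 200",
    "10.0.0.9 GET /api/image_get?path=%2e%2e%2f%2e%2e%2fetc%2fshadow 200",
    "10.0.0.9 GET /api/image_get?path=%252e%252e%252fetc%252fhostname 200",
    "10.0.0.7 GET /api/message 200",
]


def scan_access_log(base_dir: str, lines: List[str]) -> List[Tuple[str, str]]:
    """Return (client, path value) for image_get requests whose path escapes base_dir."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 3 or "image_get" not in parts[2]:
            continue
        # parse_qs decodes one layer of percent-encoding, as the web framework would.
        for value in parse_qs(urlsplit(parts[2]).query).get("path", []):
            if safe_image_path(base_dir, value) is None:
                hits.append((parts[0], value))
    return hits


if __name__ == "__main__":
    for client, value in scan_access_log("/srv/agent-zero/images", SAMPLE_LOG):
        print(f"suspicious image_get path from {client}: {value!r}")
```

The double-encoded line is reported because the check decodes again after the framework's single decode; a filter that only looks for a literal "../" in the raw query string would miss it.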
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden, Belgium
Technical Details
- Data Version: 5.1
- Assigner Short Name: VulDB
- Date Reserved: 2025-06-15T19:12:29.067Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 6851056aa8c9212743854dae
Added to database: 6/17/2025, 6:04:26 AM
Last enriched: 6/17/2025, 6:19:50 AM
Last updated: 8/16/2025, 10:47:12 AM