CVE-2026-25805 is a vulnerability classified under CWE-356, which concerns the lack of adequate user interface warnings for unsafe actions. The affected product, Zed, is a multiplayer code editor used for collaborative software development. Prior to version 0.219.4, Zed's UI does not display the parameters with which a tool is invoked when requesting user permission, nor does it show these parameters after the tool has been executed. This omission means users cannot verify or detect if malicious or unintended parameters are being used during tool execution. Such a flaw can be exploited by an attacker with privileges and requiring user interaction to trick users into approving unsafe tool invocations, potentially leading to unauthorized code execution, data leakage, or system compromise. The vulnerability has a CVSS v3.1 base score of 6.4, reflecting a medium severity with network attack vector, high attack complexity, required privileges, and user interaction. The scope is unchanged, but the impact on confidentiality, integrity, and availability is high. The vendor addressed this issue in Zed version 0.219.4 by introducing expandable tool call details in the UI, improving transparency and allowing users to see exactly what parameters are being used during tool invocation. No known exploits are currently reported in the wild.

For European organizations, especially those involved in software development and collaborative coding environments, this vulnerability poses a risk of unauthorized code execution or injection of malicious parameters during tool invocation in Zed. This can lead to data breaches, intellectual property theft, or disruption of development workflows. Given the collaborative nature of Zed, compromised parameters could propagate malicious code or configurations across teams, amplifying the impact. Confidentiality, integrity, and availability of development environments and source code repositories could be severely affected. The requirement for user interaction and privileges limits the attack surface but does not eliminate risk, particularly in environments with less stringent access controls or where social engineering is feasible. Organizations relying on Zed without the patched version may face increased risk of insider threats or targeted attacks exploiting this UI weakness.

European organizations should immediately upgrade all instances of Zed to version 0.219.4 or later to benefit from the patched UI that displays tool invocation parameters. Until upgrades are complete, enforce strict policies requiring manual verification of all tool invocations and parameters in collaborative sessions. Implement role-based access controls to limit privileges for tool execution within Zed. Conduct user training to raise awareness about the risks of approving tool actions without verifying parameters. Employ network segmentation and monitoring to detect anomalous tool usage or unexpected parameter patterns. Integrate code review and automated scanning tools to detect suspicious code or parameter injections. Maintain an inventory of all Zed installations and monitor for unauthorized versions. Finally, consider isolating critical development environments from internet access to reduce exposure.