Agent-Zero Insecure Permissions Allow Arbitrary System Reset Vulnerability

Vulnerability

A vulnerability in Agent-Zero versions 0.8.* has been identified, allowing unauthenticated attackers to arbitrarily restart the system, leading to a denial-of-service condition. This issue arises from insecure permissions that expose the 'restart/pause' method, causing the system to become unresponsive for a period before recovering.

Impact

Exploitation of this vulnerability causes the system to become unresponsive, leading to a denial-of-service condition.

Reproduction

To reproduce this vulnerability, send a request to the '/restart/pause' endpoint. The system will become unresponsive but will recover after some time.

Remediation

Users are advised to upgrade to Agent-Zero version 0.9 or later, where this vulnerability has been fixed.
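Until the upgrade is in place, existing access logs can be checked for requests to the exposed endpoint. The following is an added example, not code from the Agent-Zero project or from this advisory: it scans Combined Log Format lines for unauthenticated requests to '/restart/pause' and flags version strings in the affected 0.8.* series. It assumes a reverse proxy in front of Agent-Zero writes such logs and records "-" for requests with no authenticated user; the function names and sample lines are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Endpoint named in the advisory's reproduction step.
ENDPOINT = "/restart/pause"

# Combined Log Format, as written by a reverse proxy (assumption: the
# deployment has one; the advisory does not describe Agent-Zero's own logs).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def normalise(target: str) -> str:
    """Strip the query, percent-decode, collapse slashes, fold case.
    Case folding deliberately over-matches so path variants are not missed."""
    path = unquote(target.split("?", 1)[0])
    path = re.sub(r"/{2,}", "/", path)
    return path.rstrip("/").lower() or "/"

def find_hits(lines):
    """Return (ip, ts, method, status) for unauthenticated endpoint requests."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or normalise(m["target"]) != ENDPOINT:
            continue
        if m["user"] == "-":  # "-" means no authenticated user was logged
            hits.append((m["ip"], m["ts"], m["method"], int(m["status"])))
    return hits

def is_affected(version: str) -> bool:
    """True for the 0.8.* series the advisory lists as vulnerable."""
    return version.lstrip("v").split(".")[:2] == ["0", "8"]

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [21/Aug/2025:18:02:11 +0000] "POST /restart/pause HTTP/1.1" 200 17',
    '198.51.100.7 - - [21/Aug/2025:18:02:40 +0000] "GET /%72estart//pause/?x=1 HTTP/1.1" 502 0',
    '203.0.113.9 - alice [21/Aug/2025:18:05:00 +0000] "POST /restart/pause HTTP/1.1" 200 17',
    '203.0.113.9 - - [21/Aug/2025:18:06:00 +0000] "GET /restart/paused HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for ip, count in Counter(h[0] for h in find_hits(SAMPLE_LOG)).items():
        print(f"{ip}: {count} unauthenticated request(s) to {ENDPOINT}")
```

Hits that line up in time with periods of unresponsiveness are the ones worth correlating with service restarts.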

Added: Aug 21, 2025, 6:18 PM
Updated: Aug 21, 2025, 7:19 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 8.7
remediation: 7.7
relevance: 0.4
threat: 6.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.