216.73.217.86

CVE-2025-58766

· Published 17/09/2025 18:15 · Modified 18/09/2025 13:43

Labels: CVE-2025-58766 2025-09-17CVE-2025-58766CWE-94[email protected]

Essential information

Published
17/09/2025 18:15
Modified
18/09/2025 13:43
Author
Creator
CVSS
9.0 CRITICAL (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

CVSS metrics

Description

Dyad is a local AI app builder. A critical security vulnerability has been discovered that affected Dyad v0.19.0 and earlier versions that allows attackers to execute arbitrary code on users' systems. The vulnerability affects the application's preview window functionality and can bypass Docker container protections. An attacker can craft web content that automatically executes when the preview loads. The malicious content can break out of the application's security boundaries and gain control of the system. This has been fixed in Dyad v0.20.0 and later.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
dyad / dyad cpe:2.3:a:dyad:dyad:0.19.0:*:*:*:*:*:*:*
dyad / dyad cpe:2.3:a:dyad:dyad:<0.20.0:*:*:*:*:*:*:*

References