CVE-2025-58766
Expert Analysis
Professional remediation guidance
Get tailored security recommendations from our analyst team for CVE-2025-58766. We'll provide specific mitigation strategies based on your environment and risk profile.
CVSS Score
V3.1Attack Vector Metrics
Impact Metrics
Description
Dyad is a local AI app builder. A critical security vulnerability has been discovered that affected Dyad v0.19.0 and earlier versions that allows attackers to execute arbitrary code on users' systems. The vulnerability affects the application's preview window functionality and can bypass Docker container protections. An attacker can craft web content that automatically executes when the preview loads. The malicious content can break out of the application's security boundaries and gain control of the system. This has been fixed in Dyad v0.20.0 and later.
Available Exploits
Related News
EU Vulnerability Database
Monitored by ENISA for EU cybersecurity
ENISA Analysis
Dyad is a local AI app builder. A critical security vulnerability has been discovered that affected Dyad v0.19.0 and earlier versions that allows attackers to execute arbitrary code on users' systems. The vulnerability affects the application's preview window functionality and can bypass Docker container protections. An attacker can craft web content that automatically executes when the preview loads. The malicious content can break out of the application's security boundaries and gain control of the system. This has been fixed in Dyad v0.20.0 and later.
Affected Products (ENISA)
ENISA Scoring
CVSS Score (3.1)
ENISA References
Data provided by ENISA EU Vulnerability Database. Last updated: September 17, 2025