OpenAI Codex CLI 输入验证错误漏洞

OpenAI Codex CLI is an OpenAI open source lightweight coding agent software that runs in the terminal. An input validation error vulnerability exists in OpenAI Codex CLI versions 0.2.0 through 0.38.0, which stems from an error in the sandbox configuration logic and could lead to arbitrary file...

Codex has sandbox bypass due to bug in path configuration logic

Due to a bug in the sandbox configuration logic, Codex CLI could treat a model-generated cwd as the sandbox’s writable root, including paths outside of the folder where the user started their session. This logic bypassed the intended workspace boundary and enables arbitrary file writes and comman...

GHSA-W5FX-FH39-J5RW Codex has sandbox bypass due to bug in path configuration logic

Due to a bug in the sandbox configuration logic, Codex CLI could treat a model-generated cwd as the sandbox’s writable root, including paths outside of the folder where the user started their session. This logic bypassed the intended workspace boundary and enables arbitrary file writes and comman...

PT-2025-39079

Name of the Vulnerable Software and Affected Versions Codex CLI versions 0.2.0 through 0.38.0 Codex IDE extension versions prior to 0.4.12 Description Codex CLI, a coding agent from OpenAI, had a flaw in its sandbox configuration logic. This allowed the software to incorrectly identify the writab...

Malicious code in codex-monorepo (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 9c0b0d3723aea4e9ace65a23c56b8f951b48f31f09558674bc6de5e788c8c7de The OpenSSF Package Analysis project identified 'codex-monorepo' @ 8.1.1 npm as malicious. It is considered malicious because: - The package...

MAL-2025-46997 Malicious code in codex-monorepo (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 9c0b0d3723aea4e9ace65a23c56b8f951b48f31f09558674bc6de5e788c8c7de The OpenSSF Package Analysis project identified 'codex-monorepo' @ 8.1.1 npm as malicious. It is considered malicious because: - The package...

CVE-2025-55345

Using Codex CLI in workspace-write mode inside a malicious context repo, directory, etc could lead to arbitrary file overwrite and potentially remote code execution due to symlinks being followed outside the allowed current working directory...

CVE-2025-55345

Using Codex CLI in workspace-write mode inside a malicious context repo, directory, etc could lead to arbitrary file overwrite and potentially remote code execution due to symlinks being followed outside the allowed current working directory...

CVE-2025-55345

Using Codex CLI in workspace-write mode inside a malicious context repo, directory, etc could lead to arbitrary file overwrite and potentially remote code execution due to symlinks being followed outside the allowed current working directory...

CVE-2025-55345 Unsafe symlink following in restricted workspace-write sandbox leads to RCE

Using Codex CLI in workspace-write mode inside a malicious context repo, directory, etc could lead to arbitrary file overwrite and potentially remote code execution due to symlinks being followed outside the allowed current working directory...

CVE-2025-55345

CVE-2025-55345 concerns OpenAI Codex CLI when used in a restricted workspace-write sandbox. The issue arises because symlinks are followed outside the allowed current working directory in a malicious context (repo/directory), enabling arbitrary file overwrite and potentially remote code execution...

CVE-2025-55345 Unsafe symlink following in restricted workspace-write sandbox leads to RCE

Using Codex CLI in workspace-write mode inside a malicious context repo, directory, etc could lead to arbitrary file overwrite and potentially remote code execution due to symlinks being followed outside the allowed current working directory...

OpenAI Codex CLI 安全漏洞

OpenAI Codex CLI is an OpenAI open source lightweight coding agent software that runs in the terminal. A security vulnerability exists in OpenAI Codex CLI that stems from the fact that use of Codex CLI in a malicious context could lead to arbitrary file overwriting and potential remote code...

PT-2025-32971 · Codex Cli · Codex Cli

Name of the Vulnerable Software and Affected Versions: Codex CLI affected versions not specified Description: Using Codex CLI in workspace-write mode within a malicious context repository, directory, etc. may lead to arbitrary file overwrite and potentially remote code execution. This occurs...

CVE-2025-54558

OpenAI Codex CLI before 0.9.0 auto-approves ripgrep aka rg execution even with the --pre or --hostname-bin or --search-zip or -z flag...

CVE-2025-54558

OpenAI Codex CLI before 0.9.0 auto-approves ripgrep aka rg execution even with the --pre or --hostname-bin or --search-zip or -z flag...

CVE-2025-54558

OpenAI Codex CLI before 0.9.0 auto-approves ripgrep aka rg execution even with the --pre or --hostname-bin or --search-zip or -z flag...

Inclusion of Functionality from Untrusted Control Sphere

Overview @openai/codex is a OpenAI Codex CLI Lightweight coding agent that runs in your terminal Affected versions of this package are vulnerable to Inclusion of Functionality from Untrusted Control Sphere due to auto-approving ripgrep execution even when the --pre, --hostname-bin, --search-zip, ...

OpenAI Codex CLI 安全漏洞

OpenAI Codex CLI is an OpenAI open source lightweight coding agent software that runs in the terminal. A security vulnerability exists in OpenAI Codex CLI versions prior to 0.9.0 that stems from automatic approval of ripgrep execution, which could lead to a security risk...

CVE-2025-54558

OpenAI Codex CLI before 0.9.0 auto-approves ripgrep aka rg execution even with the --pre or --hostname-bin or --search-zip or -z flag...