CVE-2025-59532 Codex has sandbox bypass due to bug in path configuration logic

Codex CLI is a coding agent from OpenAI that runs locally. In versions 0.2.0 to 0.38.0, due to a bug in the sandbox configuration logic, Codex CLI could treat a model-generated cwd as the sandbox’s writable root, including paths outside of the folder where the user started their session. This log...

Cursor 路径遍历漏洞

Cursor is an AI code editor from the Cursor open source. A path traversal vulnerability exists in Cursor versions 0.45.0 through 0.48.6, which stems from not properly restricting file path modification permissions, which could lead to a specially crafted context-triggered write to a file outside...