CVE-2025-54558

July 24, 2025 invoker category_cve

CVE Details

Basic Information

Title CVE-2025-54558
Type cve
Published 2025-07-25T00:00:00.000Z
Modified 2025-07-25T01:24:52.040Z

Product Information

Vendor OpenAI
Product Codex CLI
Version 0

CVSS Information

Base Score 4.1 (MEDIUM)
Attack Vector CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

Affected Products

  • OpenAI Codex CLI 0

Additional Information

CWE List CWE-829
Source mitre

Description

OpenAI Codex CLI before 0.9.0 auto-approves ripgrep (aka rg) execution even with the –pre or –hostname-bin or –search-zip or -z flag.

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.