CVE-2025-54558
BaseFortify
Publication date: 2025-07-25
Last updated on: 2025-07-25
Assigner: MITRE
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: | |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| unofficial | ripgrep | * |
| openai | codex | < 0.9.0 (fixed in 0.9.0) |
| rust-lang | rust | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-829 | The product imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
Codex CLI auto-approves a set of commands it regards as safe read-only tools, and ripgrep (`rg`) is one of them. Before version 0.9.0 that decision was made on the program name alone, so every `rg` invocation ran without user confirmation, including ones carrying flags that make ripgrep launch other programs: `--pre` runs an arbitrary preprocessor command on each file it searches, `--hostname-bin` names a program ripgrep executes to obtain the host name, and `-z`/`--search-zip` hands compressed files to external decompression utilities found on the PATH. A model-generated `rg --pre <program> ...` was therefore executed with no approval step, which is arbitrary command execution through functionality pulled in from outside the intended control sphere (CWE-829). The fix in 0.9.0 makes the approval logic recognise these flags and require explicit user approval before running ripgrep with them. [1, 2]
How can this vulnerability impact me? :
The risk is arbitrary command execution on the developer's machine with the privileges of the Codex CLI process. Codex generates the shell commands it runs, so anyone who can influence the model's output, including untrusted content in the files it reads, can get an `rg --pre <program>` (or `--hostname-bin`, `-z`/`--search-zip`) invocation executed with no approval prompt. The consequences are those of any unreviewed command: modified or exfiltrated files, leaked environment variables and credentials, or a foothold for further actions. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This is a local logic flaw in the Codex CLI's command-approval path, so there is nothing to detect on the network. On a host, check two things: whether a vulnerable Codex CLI is installed, and whether ripgrep has been (or is being) run with the flags that make it execute other programs: `--pre` (also as `--pre=CMD`), `--hostname-bin`, `--search-zip` and `-z` (also bundled, as in `-nz`). Example commands:

1. Installed version; anything below 0.9.0 is affected: `codex --version`, or `npm ls -g @openai/codex` for the npm package.
2. A reusable pattern for the flag audit, anchored so that `-z` is only matched at the start of a short-flag cluster and `--pre` is not confused with `--pre-glob`: `pat='(^|[[:space:]/;])rg[[:space:]]+(.*[[:space:]])?(--pre(=|[[:space:]]|$)|--hostname-bin|--search-zip|-[[:alpha:]]*z)'`
3. Shell history files (read the files directly; the `history` builtin only works in an interactive shell): `grep -E -e "$pat" ~/.bash_history ~/.zsh_history 2>/dev/null`
4. Currently running processes: `ps -eo args= | grep -E -e "$pat"`
5. Central command or audit logs, if you ship them: `grep -rE -e "$pat" /var/log/ 2>/dev/null`

Two details matter when adapting these: the pattern has to be introduced with `-e` (or `--`), because a pattern that begins with `--pre` is otherwise consumed by grep as an option, and a bare `-z` alternative would also match inside `--search-zip` and any `-z...` substring. A regex over flat command strings is a first pass only: logs that record argv as a structured array, or commands hidden behind shell quoting, need each argument tested individually. A hit is a lead to review, not proof of exploitation, since a developer may legitimately use these flags. [2]
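The approval decision described in the explanation above and the per-argument audit that the detection answer calls for, as one added example in Rust (Codex CLI is written in Rust, but this is not the project's own code): a fail-closed classifier that reports the program-spawning ripgrep flags in an argv, the pre-fix and post-fix approval decisions modelled on it, and a scan over constructed log lines. The function names (`unsafe_ripgrep_flags`, `auto_approved_before_fix`, `auto_approved_after_fix`, `flag_unsafe_invocations`), the constant `SAMPLE_LOG` and the whitespace-separated log format are assumptions of this example.

```rust
// Added example, not the Codex CLI's code: a fail-closed check for ripgrep
// flags that make `rg` execute other programs, plus a scan over log lines.
// `SAMPLE_LOG` is constructed data for the demonstration.

/// Long flags that take a value (`--pre CMD` or `--pre=CMD`).
const UNSAFE_WITH_VALUE: &[&str] = &["--pre", "--hostname-bin"];
/// Long flags that take no value.
const UNSAFE_NO_VALUE: &[&str] = &["--search-zip"];

/// Returns every unsafe flag found in `argv` (argv[0] is the program name).
///
/// Deliberately conservative: it neither stops at `--` nor tracks which
/// flags consume a value, so it never has to agree with ripgrep's real
/// option parser (any disagreement would be a bypass). A false positive
/// costs one approval prompt; a false negative is silent command execution.
pub fn unsafe_ripgrep_flags(argv: &[&str]) -> Vec<String> {
    let mut hits = Vec::new();
    for &arg in argv.iter().skip(1) {
        if let Some(opt) = UNSAFE_WITH_VALUE
            .iter()
            .find(|opt| arg == **opt || arg.starts_with(&format!("{opt}=")))
        {
            hits.push(opt.to_string());
        } else if UNSAFE_NO_VALUE.contains(&arg) {
            hits.push(arg.to_string());
        } else if arg.starts_with('-') && !arg.starts_with("--") && arg[1..].contains('z') {
            // Short-flag clusters: `-z`, `-nz`, `-zn`. Also catches an attached
            // value such as `-ezebra`; accepted as a conservative false positive.
            hits.push("-z".to_string());
        }
    }
    hits
}

/// Pre-fix behaviour as the advisory describes it: `rg` was auto-approved
/// on the program name alone.
pub fn auto_approved_before_fix(argv: &[&str]) -> bool {
    argv.first() == Some(&"rg")
}

/// Post-fix behaviour: `rg` is auto-approved only when no unsafe flag is present.
pub fn auto_approved_after_fix(argv: &[&str]) -> bool {
    argv.first() == Some(&"rg") && unsafe_ripgrep_flags(argv).is_empty()
}

/// Constructed audit-log sample: one whitespace-separated argv per line.
pub const SAMPLE_LOG: &str = "\
rg -n TODO src/
rg --pre ./decode.sh secret notes/
/usr/bin/rg --pre=sh -i pattern .
rg -nz password logs/
rg --hostname-bin /tmp/h TODO .
rg --search-zip needle archive/
rg -e --pre -- notes.txt
";

/// Scans log lines and returns (1-based line number, unsafe flags) for each
/// ripgrep invocation that would need approval. Splitting on whitespace is
/// an assumption of this example; logs that store argv as a structured
/// array should feed the elements straight into `unsafe_ripgrep_flags`.
pub fn flag_unsafe_invocations(log: &str) -> Vec<(usize, Vec<String>)> {
    log.lines()
        .enumerate()
        .filter_map(|(i, line)| {
            let argv: Vec<&str> = line.split_whitespace().collect();
            // Compare the basename so `/usr/bin/rg` counts as well.
            let is_rg = argv
                .first()
                .map_or(false, |p| p.rsplit('/').next() == Some("rg"));
            if !is_rg {
                return None;
            }
            let hits = unsafe_ripgrep_flags(&argv);
            (!hits.is_empty()).then(|| (i + 1, hits))
        })
        .collect()
}

fn main() {
    // Lines 2 to 7 of the sample are reported; line 1 (`rg -n TODO src/`) is not.
    for (line, hits) in flag_unsafe_invocations(SAMPLE_LOG) {
        println!("line {line}: requires approval ({})", hits.join(", "));
    }
}
```

The last sample line, `rg -e --pre -- notes.txt`, is a literal search for the text `--pre` and is harmless in practice; the classifier still reports it. That is the intended trade-off for an approval gate: prompting once too often is cheap, while an exact model of ripgrep's option parsing would have to be kept bug-for-bug identical to stay safe.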
What immediate steps should I take to mitigate this vulnerability?
Upgrade the OpenAI Codex CLI to 0.9.0 or later; the fix makes the approval logic recognise `--pre`, `--hostname-bin`, `--search-zip` and `-z` and prompt for explicit approval before running ripgrep with them, instead of executing the command automatically. Until you can upgrade, remember that the risky command lines are generated by the model, not typed by you, so "avoid these flags" is not a control you can enforce from the keyboard: run Codex in a mode that asks for confirmation on every command rather than trusting its auto-approval list, keep it inside its sandbox with a least-privilege working directory, and treat repository content the agent reads as untrusted input. Reviewing command logs for these flags remains useful both before and after patching. [1, 2, 3]