CVE-2025-55345
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-08-13
Last updated on: 2025-08-13
Assigner: JFrog
Description
Description
Using Codex CLI in workspace-write mode inside a malicious context (repo, directory, etc) could lead to arbitrary file overwrite and potentially remote code execution due to symlinks being followed outside the allowed current working directory.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| openai | codex | * |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-61 | The product, when opening a file or directory, does not sufficiently account for when the file is a symbolic link that resolves to a target outside of the intended control sphere. This could allow an attacker to cause the product to operate on unauthorized files. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs when using Codex CLI in workspace-write mode within a malicious context such as a compromised repository or directory. It can lead to arbitrary file overwrites and potentially remote code execution because symbolic links (symlinks) are followed outside the allowed current working directory.
How can this vulnerability impact me? :
The vulnerability can allow an attacker to overwrite arbitrary files on the system and potentially execute remote code, which can compromise system integrity, confidentiality, and availability.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70