Arbitrary File Overwrite Vulnerability in Codex CLI by OpenAI
CVE-2025-55345

8.8HIGH

Key Information:

Status
Vendor
CVE Published:
13 August 2025

What is CVE-2025-55345?

A vulnerability exists in Codex CLI that allows for arbitrary file overwrite when operating in workspace-write mode within a compromised context, such as a malicious directory or repository. This flaw arises from the improper handling of symlinks, enabling them to be followed outside the designated current working directory. This exposes affected systems to potential arbitrary file manipulations and could lead to remote code execution, creating a significant risk for developers and organizations relying on this tool.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://research.jfrog.com/vulnerabilities/codex-cli-syml...
third-party-advisory
https://github.com/openai/codex/pull/1705
patch

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.