Arbitrary File Overwrite Vulnerability in Codex CLI by OpenAI
CVE-2025-55345

8.8HIGH

Key Information:

Status
Vendor: CVE Published:; 13 August 2025

What is CVE-2025-55345?

A vulnerability exists in Codex CLI that allows for arbitrary file overwrite when operating in workspace-write mode within a compromised context, such as a malicious directory or repository. This flaw arises from the improper handling of symlinks, enabling them to be followed outside the designated current working directory. This exposes affected systems to potential arbitrary file manipulations and could lead to remote code execution, creating a significant risk for developers and organizations relying on this tool.

References

https://research.jfrog.com/vulnerabilities/codex-cli-syml...

third-party-advisory

https://github.com/openai/codex/pull/1705

patch

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 13, 2025
Vulnerability Reserved
Aug 13, 2025