Arbitrary File Write and Command Execution in OpenAI Codex CLI
CVE-2025-59532
What is CVE-2025-59532?
A vulnerability in OpenAI's Codex CLI allows unauthorized arbitrary file write and command execution due to improper sandbox configuration between versions 0.2.0 and 0.38.0. The issue arises from the program misinterpreting the current working directory supplied by the model. This oversight can result in writes outside the intended user workspace, potentially compromising system integrity. OpenAI has released a patch in version 0.39.0 that ensures the sandbox policy accurately reflects user session boundaries. Users are strongly advised to update their software to mitigate risks.
Affected Version(s)
codex >= 0.2.0, < 0.39.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- Public PoC available
- Exploit known to exist
- Vulnerability published
- Vulnerability reserved
