Arbitrary File Write and Command Execution in OpenAI Codex CLI
CVE-2025-59532

8.6 HIGH

Key Information:

Vendor: OpenAI
Status: Vendor
CVE Published: 22 September 2025

What is CVE-2025-59532?

A vulnerability in OpenAI's Codex CLI, affecting versions 0.2.0 through 0.38.0, allows arbitrary file write and command execution because of an improper sandbox configuration. The program trusted the current working directory supplied by the model when deriving its sandbox policy, so a model-chosen directory could place writes outside the user's intended workspace and compromise the integrity of the host. OpenAI fixed the issue in version 0.39.0, where the sandbox policy is derived from the user's session boundaries rather than the model-supplied directory. Users are strongly advised to update to 0.39.0 or later.
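As an added example (not Codex's own code), the following shows one way a sandbox policy can enforce the session boundary the fix describes: the workspace root is fixed from the user's session, and an untrusted, model-supplied working directory is canonicalised and checked against that root before it is used. The function and case names are hypothetical, and the workspace layout is constructed inside a temporary directory.

```python
import os
import tempfile


class SandboxPolicyError(ValueError):
    """Raised when a requested working directory falls outside the session workspace."""


def resolve_cwd_within_workspace(session_root: str, requested_cwd: str) -> str:
    """Return a canonical cwd if it lies inside session_root, otherwise raise.

    session_root is trusted: it is fixed at session start from the user's real directory.
    requested_cwd is untrusted (for instance model-supplied): it may be relative, contain
    '..', be absolute, or pass through a symlink that points outside the workspace.
    """
    root = os.path.realpath(session_root)
    # Relative requests are resolved against the trusted root, never the process cwd,
    # and realpath collapses '..' and follows symlinks before the boundary check.
    candidate = os.path.realpath(os.path.join(root, requested_cwd))
    # commonpath compares whole path components, so /work does not match /workspace.
    if os.path.commonpath([root, candidate]) != root:
        raise SandboxPolicyError(f"cwd {requested_cwd!r} escapes workspace {root}")
    return candidate


def demo() -> dict:
    """Build a constructed workspace with an escaping symlink and classify each request."""
    with tempfile.TemporaryDirectory() as outside, tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "src"))
        os.symlink(outside, os.path.join(root, "escape"))  # symlink leaving the workspace
        cases = {
            "subdir": "src",               # legitimate directory inside the workspace
            "dotdot": "../",               # parent-directory traversal
            "absolute_outside": outside,   # absolute path elsewhere on the host
            "symlink_escape": "escape",    # in-tree name that resolves outside
            "prefix_trick": root + "_x",   # sibling sharing the root's string prefix
        }
        results = {}
        for name, requested in cases.items():
            try:
                resolve_cwd_within_workspace(root, requested)
                results[name] = "allowed"
            except SandboxPolicyError:
                results[name] = "denied"
        return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```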

Affected Version(s)

codex >= 0.2.0, < 0.39.0

References

CVSS V4

Score: 8.6
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Requirements: None
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved
