CVE-2025-55345 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

Using Codex CLI in workspace-write mode inside a malicious context (repo, directory, etc) could lead to arbitrary file overwrite and potentially remote code exe…
High CVSS: 8.8

CVE-2025-55345

Using Codex CLI in workspace-write mode inside a malicious context (repo, directory, etc) could lead to arbitrary file overwrite and potentially remote code execution due to symlinks being followed outside the allowed current working directory.
Vendor
-
Product
-
CWE
CWE-61
Yayın Tarihi
2025-08-13 09:15:29
Güncelleme
2025-08-13 20:15:32
Source Identifier
reefs@jfrog.com
KEV Date Added
-

Kategoriler

CWE-61 HIGH 2025

Referanslar

https://github.com/openai/codex/pull/1705 https://research.jfrog.com/vulnerabilities/codex-cli-symlink-arbitrary-file-overwrite-jfsa-2025-001378631/ https://research.jfrog.com/vulnerabilities/codex-cli-symlink-arbitrary-file-overwrite-jfsa-2025-001378631/