CVE-2025-54558
📋 TL;DR
OpenAI Codex CLI versions before 0.9.0 automatically approve ripgrep (rg) command execution even when potentially dangerous flags like --pre, --hostname-bin, --search-zip, or -z are used. This affects users running vulnerable Codex CLI versions who execute ripgrep commands through the tool.
💻 Affected Systems
- OpenAI Codex CLI
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
An attacker could execute arbitrary commands on the system by crafting malicious ripgrep commands with dangerous flags that get auto-approved.
Likely Case
Accidental or unintended command execution through ripgrep flags that bypass security controls, potentially leading to data exposure or system manipulation.
If Mitigated
Limited impact with proper input validation and command restriction policies in place.
🎯 Exploit Status
Exploitation requires access to execute Codex CLI commands and knowledge of dangerous ripgrep flags.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 0.9.0 and later
Vendor Advisory: https://github.com/openai/codex/commit/6cf4b96f9dbbef8a94acc1ff703eb118481514d8
Restart Required: No
Instructions:
1. Update Codex CLI to version 0.9.0 or later using your package manager.
2. For Rust/Cargo installations: 'cargo install --force codex-cli', or check the specific installation method from official sources.
🔧 Temporary Workarounds
Disable ripgrep auto-approval
Manually review and approve all ripgrep commands instead of relying on the auto-approval feature.
# Configure Codex CLI to require manual approval for ripgrep commands
# Check Codex CLI documentation for configuration options
Restrict dangerous ripgrep flags
Block or filter ripgrep commands containing the --pre, --hostname-bin, --search-zip, or -z flags.
# Implement command filtering in your shell or execution environment, for example
# with a wrapper placed ahead of rg on PATH that rejects these arguments.
# Note: an alias such as alias rg='rg --no-pre --no-search-zip' does not block them,
# because a later --pre or -z on the same command line overrides the earlier --no-* flag.
🧯 If You Can't Patch
- Restrict Codex CLI usage to trusted users only and implement command execution monitoring.
- Disable ripgrep integration in Codex CLI configuration if not essential for workflow.
🔍 How to Verify
Check if Vulnerable:
Check the Codex CLI version with 'codex --version' (or, for a Cargo installation, 'cargo install --list | grep codex-cli'). If the version is below 0.9.0, the system is vulnerable.
Check Version:
codex --version
Verify Fix Applied:
After updating, verify version is 0.9.0 or higher: 'codex --version' should show 0.9.0+.
📡 Detection & Monitoring
Log Indicators:
- Unusual ripgrep command executions with --pre, --hostname-bin, --search-zip, or -z flags through Codex CLI
- Failed command executions that were previously auto-approved
Network Indicators:
- Not applicable - local tool execution
SIEM Query:
Process execution logs showing 'rg' or 'ripgrep' with dangerous flags executed by Codex CLI process
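Added example, covering both the "Restrict dangerous ripgrep flags" workaround and the SIEM query above; this is not code from Codex CLI, ripgrep, or the vendor advisory. It is a POSIX shell wrapper that refuses rg invocations carrying the flags named in this CVE, plus a scanner that applies the same check to process-execution log lines. The flags matter because each makes ripgrep spawn an external program: --pre and --hostname-bin run a command you name, and -z/--search-zip runs a decompressor. The log line format, the `parent=codex` field, the `REAL_RG` path, and the sample lines are constructed assumptions; real EDR or auditd records differ, and the assumption that Codex CLI resolves `rg` through PATH is not stated on the page.

```shell
#!/bin/sh
# Added example, not code from Codex CLI, ripgrep or the advisory.
# Part 1: a PATH wrapper that refuses the ripgrep flags named in CVE-2025-54558.
# Part 2: the same check run over process-execution log lines for detection.

# Return 0 (true) if the rg argument list carries a flag that makes ripgrep
# spawn an external program; 1 otherwise. Fails closed: a short-flag cluster
# containing 'z' is rejected even when the 'z' is really the value of -e or -r,
# and an argument such as "--pre" is rejected even when meant as a pattern
# (write "rg -- --pre" for that; nothing after "--" is parsed as an option).
rg_args_dangerous() {
  for arg in "$@"; do
    case "$arg" in
      --)                               return 1 ;;
      --pre|--pre=*)                    return 0 ;;
      --hostname-bin|--hostname-bin=*)  return 0 ;;
      --search-zip|-z)                  return 0 ;;
      --*)                              ;;          # any other long flag
      -?*)                              case "$arg" in *z*) return 0 ;; esac ;;
    esac
  done
  return 1
}

# Wrapper to install ahead of the real binary on PATH (e.g. ~/bin/rg), on the
# assumption that Codex CLI resolves "rg" through PATH. REAL_RG is an assumed
# location; set it from `command -v rg` on your system.
REAL_RG=${REAL_RG:-/usr/bin/rg}
safe_rg() {
  if rg_args_dangerous "$@"; then
    echo "rg: refusing --pre/--hostname-bin/--search-zip/-z (CVE-2025-54558 guard)" >&2
    return 126
  fi
  "$REAL_RG" "$@"
}

# Constructed sample of process-execution log lines:
#   <timestamp> parent=<parent process name> cmd=<command line>
# Real EDR/auditd formats differ; adapt the field extraction in scan_log.
SAMPLE_LOG='2025-08-01T10:00:01Z parent=codex cmd=rg -n TODO src/
2025-08-01T10:00:02Z parent=codex cmd=rg --pre ./preprocess.sh secret notes/
2025-08-01T10:00:03Z parent=bash cmd=rg -z pattern archive.gz
2025-08-01T10:00:04Z parent=codex cmd=rg -- --pre docs/
2025-08-01T10:00:05Z parent=codex cmd=rg --hostname-bin=./hn -nz pattern .'

# Read log lines on stdin and print "ALERT <line>" for each rg/ripgrep launched
# by the codex process with a dangerous flag. Returns 0 if anything was flagged.
scan_log() {
  found=1
  while IFS= read -r line; do
    case "$line" in *" parent=codex "*) ;; *) continue ;; esac
    cmd=${line#*cmd=}
    # Intentional word splitting: the constructed cmd field carries no quoting.
    set -- $cmd
    case "$1" in rg|*/rg|ripgrep) ;; *) continue ;; esac
    shift
    if rg_args_dangerous "$@"; then
      printf 'ALERT %s\n' "$line"
      found=0
    fi
  done
  return "$found"
}

# Demo over the constructed sample: only the --pre line and the
# --hostname-bin/-nz line are flagged; the bash-spawned -z line is out of
# scope and "rg -- --pre" searches for a literal string.
printf '%s\n' "$SAMPLE_LOG" | scan_log
```

The wrapper deliberately fails closed rather than trying to reproduce ripgrep's full option grammar, since a missed flag defeats the purpose while a rejected legitimate command is a visible, recoverable nuisance. The scanner reuses the same predicate so that what the wrapper blocks and what the SIEM alerts on stay in lockstep.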