CVE-2025-55345
📋 TL;DR
This vulnerability in Codex CLI allows attackers to overwrite arbitrary files and potentially achieve remote code execution when the tool is used in workspace-write mode within a malicious directory context. The issue occurs because symlinks are followed outside the allowed current working directory boundaries. Anyone using Codex CLI in workspace-write mode with untrusted repositories or directories is affected.
💻 Affected Systems
- OpenAI Codex CLI
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise through arbitrary file overwrite leading to remote code execution, potentially allowing attacker persistence and lateral movement.
Likely Case
Arbitrary file corruption or overwrite of sensitive system files, configuration files, or user data.
If Mitigated
Limited to file overwrite within user's permissions scope if proper directory isolation is enforced.
🎯 Exploit Status
Exploitation requires user to run Codex CLI in workspace-write mode on malicious content. The vulnerability is well-documented in public advisories.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version with pull request #1705 applied
Vendor Advisory: https://github.com/openai/codex/pull/1705
Restart Required: No
Instructions:
1. Update Codex CLI to latest version. 2. Verify the fix is applied by checking for symlink handling improvements. 3. No restart required as this is a CLI tool.
🔧 Temporary Workarounds
Avoid workspace-write mode with untrusted content
allDo not use Codex CLI in workspace-write mode with directories or repositories from untrusted sources.
Use container isolation
linuxRun Codex CLI in isolated containers with limited filesystem access.
docker run --read-only -v /safe/path:/workspace codex-cli
🧯 If You Can't Patch
- Disable workspace-write mode entirely in production environments
- Implement strict access controls and audit all Codex CLI usage
🔍 How to Verify
Check if Vulnerable:
Check if using Codex CLI in workspace-write mode with symlink handling that follows links outside current directory.Check Version:
codex --versionVerify Fix Applied:
Test with a symlink pointing outside the workspace directory - it should be blocked or properly handled.📡 Detection & Monitoring
Log Indicators:
- Codex CLI workspace-write operations on unusual directories
- File permission errors for system files
Network Indicators:
- Unusual outbound connections following Codex CLI execution
SIEM Query:
process_name:"codex" AND command_line:"workspace-write" AND (file_access:"/etc/" OR file_access:"/root/")