CVE-2025-55345 (GCVE-0-2025-55345)

Vulnerability from cvelistv5 – Published: 2025-08-13 08:55 – Updated: 2025-08-13 19:58
VLAI
Title
Unsafe symlink following in restricted workspace-write sandbox leads to RCE
Summary
Using Codex CLI in workspace-write mode inside a malicious context (repo, directory, etc) could lead to arbitrary file overwrite and potentially remote code execution due to symlinks being followed outside the allowed current working directory.
Severity
8.8 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE
  • CWE-61 - UNIX Symbolic Link (Symlink) Following
Assigner
References
Impacted products
Vendor Product Version
Affected: 0 , < 0.12.0 (semver)
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-55345",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-13T17:55:41.335745Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-13T19:58:27.552Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://research.jfrog.com/vulnerabilities/codex-cli-symlink-arbitrary-file-overwrite-jfsa-2025-001378631/"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://www.npmjs.com",
          "packageName": "@openai/codex",
          "versions": [
            {
              "lessThan": "0.12.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eUsing Codex CLI in workspace-write mode inside a malicious context (repo, directory, etc) could lead to arbitrary file overwrite and potentially remote code execution due to symlinks being followed outside the allowed current working directory.\u003c/p\u003e"
            }
          ],
          "value": "Using Codex CLI in workspace-write mode inside a malicious context (repo, directory, etc) could lead to arbitrary file overwrite and potentially remote code execution due to symlinks being followed outside the allowed current working directory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-61",
              "description": "CWE-61 UNIX Symbolic Link (Symlink) Following",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-13T08:55:14.016Z",
        "orgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d",
        "shortName": "JFROG"
      },
      "references": [
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://research.jfrog.com/vulnerabilities/codex-cli-symlink-arbitrary-file-overwrite-jfsa-2025-001378631/"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/openai/codex/pull/1705"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Unsafe symlink following in restricted workspace-write sandbox leads to RCE"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d",
    "assignerShortName": "JFROG",
    "cveId": "CVE-2025-55345",
    "datePublished": "2025-08-13T08:55:14.016Z",
    "dateReserved": "2025-08-13T04:40:32.039Z",
    "dateUpdated": "2025-08-13T19:58:27.552Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2025-55345",
      "date": "2026-05-28",
      "epss": "0.00545",
      "percentile": "0.68042"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-55345\",\"sourceIdentifier\":\"reefs@jfrog.com\",\"published\":\"2025-08-13T09:15:29.087\",\"lastModified\":\"2025-08-13T20:15:32.740\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Using Codex CLI in workspace-write mode inside a malicious context (repo, directory, etc) could lead to arbitrary file overwrite and potentially remote code execution due to symlinks being followed outside the allowed current working directory.\"},{\"lang\":\"es\",\"value\":\"El uso de Codex CLI en modo de escritura en el espacio de trabajo dentro de un contexto malicioso (repositorio, directorio, etc.) podr\u00eda provocar la sobrescritura arbitraria de archivos y potencialmente la ejecuci\u00f3n remota de c\u00f3digo debido a que se siguen enlaces simb\u00f3licos fuera del directorio de trabajo actual permitido.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"reefs@jfrog.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"reefs@jfrog.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-61\"}]}],\"references\":[{\"url\":\"https://github.com/openai/codex/pull/1705\",\"source\":\"reefs@jfrog.com\"},{\"url\":\"https://research.jfrog.com/vulnerabilities/codex-cli-symlink-arbitrary-file-overwrite-jfsa-2025-001378631/\",\"source\":\"reefs@jfrog.com\"},{\"url\":\"https://research.jfrog.com/vulnerabilities/codex-cli-symlink-arbitrary-file-overwrite-jfsa-2025-001378631/\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-55345\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-08-13T17:55:41.335745Z\"}}}], \"references\": [{\"url\": \"https://research.jfrog.com/vulnerabilities/codex-cli-symlink-arbitrary-file-overwrite-jfsa-2025-001378631/\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-08-13T17:50:59.009Z\"}}], \"cna\": {\"title\": \"Unsafe symlink following in restricted workspace-write sandbox leads to RCE\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"0.12.0\", \"versionType\": \"semver\"}], \"packageName\": \"@openai/codex\", \"collectionURL\": \"https://www.npmjs.com\"}], \"references\": [{\"url\": \"https://research.jfrog.com/vulnerabilities/codex-cli-symlink-arbitrary-file-overwrite-jfsa-2025-001378631/\", \"tags\": [\"third-party-advisory\"]}, {\"url\": \"https://github.com/openai/codex/pull/1705\", \"tags\": [\"patch\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Using Codex CLI in workspace-write mode inside a malicious context (repo, directory, etc) could lead to arbitrary file overwrite and potentially remote code execution due to symlinks being followed outside the allowed current working directory.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eUsing Codex CLI in workspace-write mode inside a malicious context (repo, directory, etc) could lead to arbitrary file overwrite and potentially remote code execution due to symlinks being followed outside the allowed current working directory.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-61\", \"description\": \"CWE-61 UNIX Symbolic Link (Symlink) Following\"}]}], \"providerMetadata\": {\"orgId\": \"48a46f29-ae42-4e1d-90dd-c1676c1e5e6d\", \"shortName\": \"JFROG\", \"dateUpdated\": \"2025-08-13T08:55:14.016Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-55345\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-08-13T19:58:27.552Z\", \"dateReserved\": \"2025-08-13T04:40:32.039Z\", \"assignerOrgId\": \"48a46f29-ae42-4e1d-90dd-c1676c1e5e6d\", \"datePublished\": \"2025-08-13T08:55:14.016Z\", \"assignerShortName\": \"JFROG\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.