CNNVD-202507-3155 Information

CNNVD ID

CNNVD-202507-3155

Related CVE

CVE-2025-54558

• CNNVD Published: 2025-07-25

Description (Chinese)

OpenAI Codex CLI是OpenAI开源的一个在终端中运行的轻量级编码代理软件。 OpenAI Codex CLI 0.9.0之前版本存在安全漏洞，该漏洞源于自动批准ripgrep执行，可能导致安全风险。

Description (English)

OpenAI Codex CLI is a lightweight coding agent running in the terminal from OpenAI Open Source. OpenAI Codex CLI 0.9.0 had a security loophole, which stemmed from automatic approval of the ripgrep implementation, which could lead to security risks.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

OpenAI

Published

2025-07-25

Last Modified

2026-02-24

References

https://github.com/openai/codex/commit/6cf4b96f9dbbef8a94acc1ff703eb118481514d8 https://github.com/openai/codex/compare/rust-v0.8.0…rust-v0.9.0 https://github.com/openai/codex/pull/1644 https://access.redhat.com/security/cve/cve-2025-54558

Patch

https://github.com/openai/codex/releases