CVE-2025-54558

Summary

OpenAI Codex CLI before 0.9.0 auto-approves ripgrep (aka rg) execution even with the –pre or –hostname-bin or –search-zip or -z flag.

Affected Software

VendorProductVersion RangeStatus
OpenAICodex CLI0 < 0.9.0affected

Weaknesses

  • CWE-829: CWE-829 Inclusion of Functionality from Untrusted Control Sphere

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References