OpenAI lately patched a Codex CLI vulnerability that may be exploited in assaults geared toward software program builders, Verify Level revealed on Monday.
Codex CLI is an open supply coding agent that builders can run domestically from their terminal. The AI agent can learn, change, and run code on the machine, enabling customers to enhance documentation, write unit assessments, generate structure diagrams, suggest PRs, and search for vulnerabilities utilizing pure language instructions.
Verify Level researchers found that the device routinely loaded and executed instructions outlined inside native challenge configurations. The instructions in these configuration information are implicitly trusted, and they’re executed with out first acquiring the consumer’s approval.
An attacker who can commit or merge specifically crafted configuration information into the focused developer’s repository can plant information that set off the execution of malicious instructions.
[ Read: OpenAI User Data Exposed in Mixpanel Hack ]
“An initially innocuous config might be swapped for a malicious one post-approval or post-merge, making a stealthy, reproducible supply-chain backdoor that triggers on regular developer workflows,” Verify Level warned.
The safety agency’s researchers confirmed how an attacker may exploit the Codex CLI vulnerability to deploy a reverse shell for persistent distant entry, silently execute arbitrary instructions, exfiltrate credentials and different secrets and techniques, escalate privileges, and transfer laterally.
An attacker may additionally leverage the flaw to mount provide chain assaults. Commercial. Scroll to proceed studying.
“Compromised templates, starter repos, or standard open-source initiatives can weaponize many downstream shoppers with a single commit,” Verify Level defined. “If CI, automation, or construct brokers run codex on checked-out code, the compromise can transfer from workstations into construct artifacts and downstream deployments.”
The vulnerability, tracked as CVE-2025-61260, was reported to OpenAI in August, and a patch was made obtainable lower than two weeks later with the discharge of Codex CLI 0.23.0.
Associated: Microsoft Highlights Safety Dangers Launched by New Agentic AI Characteristic
Associated: WormGPT 4 and KawaiiGPT: New Darkish LLMs Enhance Cybercrime Automation
Associated: AI Agent Safety Agency Vijil Raises $17 Million
