Vulnerability in OpenAI Coding Agent Could Facilitate Attacks on Developers

Vulnerability in OpenAI Coding Agent Could Facilitate Attacks on Developers

Posted on By CWS

OpenAI lately patched a Codex CLI vulnerability that may be exploited in assaults geared toward software program builders, Verify Level revealed on Monday.

Codex CLI is an open supply coding agent that builders can run domestically from their terminal. The AI agent can learn, change, and run code on the machine, enabling customers to enhance documentation, write unit assessments, generate structure diagrams, suggest PRs, and search for vulnerabilities utilizing pure language instructions.

Verify Level researchers found that the device routinely loaded and executed instructions outlined inside native challenge configurations. The instructions in these configuration information are implicitly trusted, and they’re executed with out first acquiring the consumer’s approval. 

An attacker who can commit or merge specifically crafted configuration information into the focused developer’s repository can plant information that set off the execution of malicious instructions. 

[ Read: OpenAI User Data Exposed in Mixpanel Hack ]

“An initially innocuous config might be swapped for a malicious one post-approval or post-merge, making a stealthy, reproducible supply-chain backdoor that triggers on regular developer workflows,” Verify Level warned.

The safety agency’s researchers confirmed how an attacker may exploit the Codex CLI vulnerability to deploy a reverse shell for persistent distant entry, silently execute arbitrary instructions, exfiltrate credentials and different secrets and techniques, escalate privileges, and transfer laterally. 

An attacker may additionally leverage the flaw to mount provide chain assaults. Commercial. Scroll to proceed studying.

“Compromised templates, starter repos, or standard open-source initiatives can weaponize many downstream shoppers with a single commit,” Verify Level defined. “If CI, automation, or construct brokers run codex on checked-out code, the compromise can transfer from workstations into construct artifacts and downstream deployments.”

The vulnerability, tracked as CVE-2025-61260, was reported to OpenAI in August, and a patch was made obtainable lower than two weeks later with the discharge of Codex CLI 0.23.0.

Associated: Microsoft Highlights Safety Dangers Launched by New Agentic AI Characteristic

Associated: WormGPT 4 and KawaiiGPT: New Darkish LLMs Enhance Cybercrime Automation

Associated: AI Agent Safety Agency Vijil Raises $17 Million

Security Week News Tags:, , , , , ,

Related Posts

Two Scattered Spider Suspects Arrested in UK; One Charged in US Two Scattered Spider Suspects Arrested in UK; One Charged in US Security Week News
Choosing a Clear Direction in the Face of Growing Cybersecurity Demands Choosing a Clear Direction in the Face of Growing Cybersecurity Demands Security Week News
Radiflow Unveils New OT Security Platform Radiflow Unveils New OT Security Platform Security Week News
In Other News: Deepwatch Layoffs, macOS Vulnerability, Amazon AI Bug Bounty In Other News: Deepwatch Layoffs, macOS Vulnerability, Amazon AI Bug Bounty Security Week News
Adobe Patches Critical Apache Tika Bug in ColdFusion Adobe Patches Critical Apache Tika Bug in ColdFusion Security Week News
Swimlane Raises Million for Security Automation Platform Swimlane Raises $45 Million for Security Automation Platform Security Week News