CVE-2025-55345

Name of the Vulnerable Software and Affected Versions: Codex CLI (affected versions not specified)

Description: Using Codex CLI in workspace-write mode within a malicious context (repository, directory, etc.) may lead to arbitrary file overwrite and potentially remote code execution. This occurs because the software follows symlinks outside the permitted current working directory.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.