PT-2025-39079 · Openai · Codex Cli+1

Published

2025-09-19

·

Updated

2026-04-25

·

CVE-2025-59532

CVSS v4.0

8.6

High

AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
Codex CLI versions 0.2.0 through 0.38.0
Codex IDE extension versions prior to 0.4.12
Description
Codex CLI, a coding agent from OpenAI, had a flaw in its sandbox configuration logic: the current working directory (cwd) proposed by the model was treated as the writable root of the sandbox. Because that cwd could point outside the user's session folder, the software could select a writable root outside the intended workspace. This bypassed the workspace boundary and allowed arbitrary file writes and command execution with the permissions of the Codex process. The network-disabled sandbox restriction was not affected.
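The flaw class described above, shown as an added Rust example rather than code from Codex CLI itself: the vulnerable configuration derives the sandbox's writable root from the model-supplied cwd, while the hardened configuration pins the writable root to the session root and only accepts a model cwd that resolves inside it. The `SandboxConfig` struct, the function names and the `/home/user/session` paths are constructed for illustration; paths are normalised lexically so the example runs without touching the filesystem.

```rust
use std::path::{Component, Path, PathBuf};

/// Illustrative sandbox settings (constructed for this example, not Codex's own type).
#[derive(Debug, PartialEq)]
pub struct SandboxConfig {
    /// Directory subtree the sandboxed process may write to.
    pub writable_root: PathBuf,
    /// Working directory the sandboxed command starts in.
    pub cwd: PathBuf,
}

/// Lexically normalise a path: collapse `.` and `..` without consulting the filesystem.
/// (A production check should additionally `canonicalize()` existing paths so symlinks
/// cannot escape the root; that step is omitted here to keep the example offline.)
pub fn normalize(path: &Path) -> PathBuf {
    let mut out = PathBuf::new();
    for comp in path.components() {
        match comp {
            Component::CurDir => {}
            Component::ParentDir => {
                // `pop()` on "/" is a no-op, so "/.." cannot climb above the root.
                out.pop();
            }
            other => out.push(other.as_os_str()),
        }
    }
    out
}

/// Vulnerable pattern: whatever cwd the model proposes becomes the writable root.
/// A cwd such as "../../.ssh" silently widens the sandbox to a directory outside the session.
pub fn configure_vulnerable(session_root: &Path, model_cwd: &Path) -> SandboxConfig {
    let cwd = if model_cwd.is_absolute() {
        normalize(model_cwd)
    } else {
        normalize(&session_root.join(model_cwd))
    };
    SandboxConfig { writable_root: cwd.clone(), cwd }
}

/// Hardened pattern: the writable root is always the session root, and the model's cwd
/// is accepted only if it resolves to a location inside that root. `Path::starts_with`
/// compares whole components, so "/home/user/session2" is not inside "/home/user/session".
pub fn configure_hardened(session_root: &Path, model_cwd: &Path) -> Result<SandboxConfig, String> {
    let root = normalize(session_root);
    let cwd = if model_cwd.is_absolute() {
        normalize(model_cwd)
    } else {
        normalize(&root.join(model_cwd))
    };
    if cwd.starts_with(&root) {
        Ok(SandboxConfig { writable_root: root, cwd })
    } else {
        Err(format!(
            "model-supplied cwd {} escapes session root {}",
            cwd.display(),
            root.display()
        ))
    }
}

fn main() {
    // Constructed sample input: a session folder and a model-proposed cwd that climbs out of it.
    let root = Path::new("/home/user/session");
    let escape = Path::new("../../.ssh");

    let bad = configure_vulnerable(root, escape);
    println!("vulnerable writable root: {}", bad.writable_root.display());

    match configure_hardened(root, escape) {
        Ok(cfg) => println!("hardened accepted cwd {}", cfg.cwd.display()),
        Err(e) => println!("hardened rejected: {e}"),
    }
    let ok = configure_hardened(root, Path::new("src/lib")).expect("in-root cwd is accepted");
    println!("hardened writable root stays {}", ok.writable_root.display());
}
```

The point of the comparison is that the hardened version never lets the model's input choose the boundary: the root is fixed by the session, and the cwd is validated against it after normalisation rather than used as-is.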
Recommendations
Codex CLI versions 0.2.0 through 0.38.0 should be updated to version 0.39.0 or later.
Codex IDE extension versions prior to 0.4.12 should be updated to version 0.4.12 or later.

Exploit

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2025-59532
GHSA-W5FX-FH39-J5RW

Affected Products

Codex CLI
Codex IDE Extension