PT-2025-48450 · Openai · Openai Codex Cli

Published: 2025-12-01 · Updated: 2026-04-28 · CVE-2025-61260

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: OpenAI Codex CLI versions prior to 0.23.0

Description: The OpenAI Codex CLI is susceptible to a command injection flaw stemming from how it processes project-local configuration files. An attacker can exploit it by placing malicious configuration files in a repository. When a developer runs the Codex CLI in a directory containing such files, arbitrary commands are executed silently, without any user interaction. This enables supply chain attacks that can compromise developer machines and CI/CD pipelines. The root cause is a lack of validation when repository-level configuration is processed: project-local files are acted on as if the developer had written them. Any attacker with commit or pull request access can therefore add files such as .env and .codex/config.toml that trigger automatic command execution, establish backdoors, and compromise downstream repositories. The vulnerability is tracked as CVE-2025-61260.

Recommendations: Update to OpenAI Codex CLI version 0.23.0 or later.
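The two defensive checks that follow from the description above, as an added example that is not part of this advisory or of OpenAI's code: before invoking the Codex CLI in a freshly cloned repository, flag the project-local files the advisory names (.env and .codex/config.toml) so they can be reviewed, and confirm that the installed CLI is at or above the fixed release 0.23.0. The version-string format ("codex-cli 0.22.0") and the sample repository layout are constructed assumptions; the reader supplies the real version string from their own installation.

```python
"""Pre-flight check for running the Codex CLI in an untrusted checkout.

Added example (not from the advisory or the project). It assumes only what
the advisory states: Codex CLI releases before 0.23.0 act on project-local
configuration files found in the working directory, so a repository can
carry configuration the developer never wrote.
"""
import os
import re
import tempfile
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# First release the advisory reports as fixed.
FIXED_VERSION = (0, 23, 0)

# Project-local files the advisory names as vectors, relative to the repo root.
PROJECT_CONFIG_FILES = (".env", os.path.join(".codex", "config.toml"))


@dataclass
class PreflightResult:
    untrusted_files: List[str] = field(default_factory=list)
    version: Optional[Tuple[int, int, int]] = None
    patched: bool = False

    @property
    def safe_to_run(self) -> bool:
        # Safe when the installed CLI is fixed, or when there is nothing to act on.
        return self.patched or not self.untrusted_files


def parse_version(text: str) -> Optional[Tuple[int, int, int]]:
    """Extract a (major, minor, patch) tuple from a version string such as
    'codex-cli 0.22.0' (assumed format); None when no version is present."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    return tuple(int(p) for p in m.groups()) if m else None


def is_patched(version_text: str) -> bool:
    """True only when a version is recognised and is >= 0.23.0.
    An unparseable string is treated as unpatched (fail closed)."""
    v = parse_version(version_text)
    return v is not None and v >= FIXED_VERSION


def find_project_config_files(repo_root: str) -> List[str]:
    """Return the advisory's config files present under repo_root."""
    found = []
    for rel in PROJECT_CONFIG_FILES:
        if os.path.isfile(os.path.join(repo_root, rel)):
            found.append(rel)
    return found


def preflight(repo_root: str, version_text: str) -> PreflightResult:
    """Combine both checks into one result for the caller to act on."""
    result = PreflightResult()
    result.untrusted_files = find_project_config_files(repo_root)
    result.version = parse_version(version_text)
    result.patched = is_patched(version_text)
    return result


def make_sample_repo() -> str:
    """Constructed sample checkout containing both files the advisory names."""
    root = tempfile.mkdtemp(prefix="codex-preflight-")
    os.makedirs(os.path.join(root, ".codex"))
    open(os.path.join(root, ".codex", "config.toml"), "w").close()
    open(os.path.join(root, ".env"), "w").close()
    return root


if __name__ == "__main__":
    import sys
    # Usage: preflight.py <repo_root> "<installed version string>"
    root = sys.argv[1] if len(sys.argv) > 1 else make_sample_repo()
    version = sys.argv[2] if len(sys.argv) > 2 else "codex-cli 0.22.0"  # constructed
    r = preflight(root, version)
    for rel in r.untrusted_files:
        print(f"review before running Codex: {os.path.join(root, rel)}")
    print(f"installed version {r.version}: {'patched' if r.patched else 'NOT patched'}")
    print("safe to run" if r.safe_to_run else "do not run Codex CLI here yet")
```

The version check fails closed: a string with no recognisable version is reported as unpatched, which is the right default for a CI job that decides whether to launch the tool at all.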

Tags: Exploit · Fix · RCE · Code Injection

Weakness Enumeration

Related Identifiers

CVE-2025-61260
GHSA-XRXF-JGV3-QMRM

Affected Products

Openai Codex Cli