VYPR
Medium severity 4.1 · OSV Advisory · Published Jul 25, 2025 · Updated Apr 15, 2026

CVE-2025-54558

Description

OpenAI Codex CLI before 0.9.0 auto-approves ripgrep (aka rg) execution even when the --pre, --hostname-bin, --search-zip, or -z flag is present.

Affected products

2
  • OpenAI/Codex · OSV · 2 versions
    codex-rs-121686615fd634e35f3e415896f36908cf8632f9-1-rust-v0.0.2506052203, codex-rs-132146b6d4e133d014f763a0d8dabd853f3fc0c0-1-rust-v0.0.2505061740, codex-rs-2925136536b06a324551627468d17e959afa18d4-1-rust-v0.2.0-alpha.2, … + 1 more
    • (no CPE) range: codex-rs-121686615fd634e35f3e415896f36908cf8632f9-1-rust-v0.0.2506052203, codex-rs-132146b6d4e133d014f763a0d8dabd853f3fc0c0-1-rust-v0.0.2505061740, codex-rs-2925136536b06a324551627468d17e959afa18d4-1-rust-v0.2.0-alpha.2, …
    • (no CPE) range: <0.9.0
