Medium severity 4.1 · OSV Advisory · Published Jul 25, 2025 · Updated Apr 15, 2026
CVE-2025-54558
Description
OpenAI Codex CLI before 0.9.0 auto-approves ripgrep (aka rg) execution even with the --pre or --hostname-bin or --search-zip or -z flag.
Affected products (2)
- (no CPE) range: codex-rs-121686615fd634e35f3e415896f36908cf8632f9-1-rust-v0.0.2506052203, codex-rs-132146b6d4e133d014f763a0d8dabd853f3fc0c0-1-rust-v0.0.2505061740, codex-rs-2925136536b06a324551627468d17e959afa18d4-1-rust-v0.2.0-alpha.2, …
- (no CPE) range: <0.9.0