VYPR

Codex

by OpenAI

CVEs (3)

  • CVE-2025-55345 | High | Aug 13, 2025
    risk 0.57 | cvss 8.8 | epss 0.01

    Using Codex CLI in workspace-write mode inside a malicious context (repo, directory, etc.) could lead to arbitrary file overwrite and potentially remote code execution due to symlinks being followed outside the allowed current working directory.

  • CVE-2025-59532 | High | Sep 22, 2025
    risk 0.49 | cvss | epss 0.01

    Codex CLI is a coding agent from OpenAI that runs locally. In versions 0.2.0 to 0.38.0, due to a bug in the sandbox configuration logic, Codex CLI could treat a model-generated cwd as the sandbox’s writable root, including paths outside of the folder where the user started…

  • CVE-2025-54558 | Medium | Jul 25, 2025
    risk 0.20 | cvss 4.1 | epss 0.00

    OpenAI Codex CLI before 0.9.0 auto-approves ripgrep (aka rg) execution even with the --pre or --hostname-bin or --search-zip or -z flag.