CVE-2025-55345
HIGHDescription
Using Codex CLI in workspace-write mode inside a malicious context (repo, directory, etc) could lead to arbitrary file overwrite and potentially remote code execution due to symlinks being followed outside the allowed current working directory.
Is your site exposed to CVE-2025-55345?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
References
Frequently Asked Questions
What is CVE-2025-55345? +
How severe is CVE-2025-55345? +
How do I check if I'm vulnerable to CVE-2025-55345? +
Related Vulnerabilities
tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.1.1, 2.1.3, and 1.16.5 are vulnerable to symlink validation bypass if …
A UNIX Symbolic Link (Symlink) Following vulnerability in logrotate config in the exim package allowed privilege escalation from mail user/group …
astral-tokio-tar is a tar archive reading/writing library for async Rust. In versions 0.5.3 and earlier of astral-tokio-tar, tar archives may …
Airlink's Daemon interfaces with Docker and the Panel to provide secure access for controlling instances via the Panel. In version …
A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of openSUSE Tumbleweed traefik2 allows the traefik user to escalate …
Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Insecure handling of …