OpenAI Codex CLI EUVD-2025-209435 | CVE-2025-61260

Severity: CRITICAL, CVSS 3.1 base score 9.8
Weakness: Code Injection (CWE-94)
Published 2026-04-14 · source: mitre · GitHub advisory GHSA-xrxf-jgv3-qmrm

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: High
  • Availability: High

Lifecycle Timeline (3 events)

  • Apr 16, 2026 13:22 (NVD): CVSS changed, 9.8 (CRITICAL)
  • Apr 14, 2026 14:30 (EUVD): EUVD ID assigned, EUVD-2025-209435
  • Apr 14, 2026 00:00 (NVD): CVE published, CRITICAL 9.8

Blast Radius (ecosystem impact)

  • 1 npm package depends on @openai/codex (1 direct, 0 indirect)

Ecosystem-wide dependent count for version 0.23.0; the transitive dependency graph is resolved to a depth of 4 paths.

Description (NVD)

OpenAI Codex CLI v0.23.0 and earlier allows code execution through malicious MCP (Model Context Protocol) configuration files. The attack is triggered when a user runs the codex command inside a malicious or compromised repository: Codex automatically loads the project-local .env and .codex/config.toml files without asking for confirmation, and an MCP server declared in that config is a command line that Codex spawns at startup. An attacker who controls the repository can therefore embed arbitrary commands that execute immediately, with the privileges of the user who ran codex.
