CVE Catalog

CVE-2025-61260

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Very high risk
6.58%

93th percentile - higher than 93% of all known CVEs

Summary

A vulnerability in OpenAI Codex CLI v0.23.0 and earlier allows code execution via malicious MCP configuration files. The attack is triggered when a user runs the codex command in a compromised repository, as Codex automatically loads local .env and .codex/config.toml files without user confirmation.

Risk Assessment

The risk is that an attacker can take control of the victim's development environment by executing arbitrary commands immediately upon running Codex in a malicious repository, potentially leading to data theft or further system compromise.

Recommendation

Immediately update OpenAI Codex CLI to a version newer than 0.23.0 if available, or temporarily avoid running Codex in repositories from untrusted sources.

Original NVD description (English source)

A vulnerability was identified in OpenAI Codex CLI v0.23.0 and before that enables code execution through malicious MCP (Model Context Protocol) configuration files. The attack is triggered when a user runs the codex command inside a malicious or compromised repository. Codex automatically loads project-local .env and .codex/config.toml files without requiring user confirmation, allowing attackers to embed arbitrary commands that execute immediately.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS