CVE-2025-55345 HIGH

CVE-2025-55345: Unsafe symlink following in restricted workspace-write sandbox leads to RCE

Weakness CWE-61
Published August 13, 2025
Last update August 13, 2025

CVSS base score

8.8/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

Using Codex CLI in workspace-write mode inside a malicious context (repo, directory, etc.) could lead to arbitrary file overwrite and potentially remote code execution, because symlinks are followed outside the allowed current working directory.
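
The weakness class described above (CWE-61), as an added example that is not part of this record and is not Codex CLI's own code: a string-only containment check accepts a path that passes through a symlink, while a check on the resolved path rejects it. The function names and the temporary directory layout are assumptions constructed for illustration.

```python
import os
import tempfile

def lexical_check(workspace, rel_path):
    # Weak: compares path strings only, so a symlink inside the workspace passes.
    candidate = os.path.normpath(os.path.join(workspace, rel_path))
    return candidate.startswith(workspace + os.sep)

def resolved_check(workspace, rel_path):
    # Stronger: resolve every symlink first, then test containment.
    root = os.path.realpath(workspace)
    candidate = os.path.realpath(os.path.join(root, rel_path))
    return os.path.commonpath([root, candidate]) == root

def safe_write(workspace, rel_path, data):
    # Hypothetical write gate for a workspace-restricted tool.
    if not resolved_check(workspace, rel_path):
        raise PermissionError(f"{rel_path} resolves outside the workspace")
    target = os.path.join(os.path.realpath(workspace), rel_path)
    # O_NOFOLLOW (where available) refuses a symlink as the final component.
    # The check above and this open are still two steps; opening each
    # directory relative to a directory fd closes that race.
    flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC | getattr(os, "O_NOFOLLOW", 0)
    with os.fdopen(os.open(target, flags, 0o600), "wb") as fh:
        fh.write(data)

def demo():
    # Constructed layout: a workspace containing a symlink to a sibling directory.
    with tempfile.TemporaryDirectory() as base:
        workspace = os.path.join(base, "workspace")
        outside = os.path.join(base, "outside")
        os.mkdir(workspace)
        os.mkdir(outside)
        os.symlink(outside, os.path.join(workspace, "build"))
        rel = os.path.join("build", "config")
        result = {"lexical": lexical_check(workspace, rel),
                  "resolved": resolved_check(workspace, rel)}
        try:
            safe_write(workspace, rel, b"data")
            result["written"] = True
        except PermissionError:
            result["written"] = False
        result["outside_touched"] = os.path.exists(os.path.join(outside, "config"))
        safe_write(workspace, "notes.txt", b"ok")
        result["inside_ok"] = os.path.exists(os.path.join(workspace, "notes.txt"))
        return result

if __name__ == "__main__":
    print(demo())
```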

Key dates

02 Disclosure timeline

August 13, 2025 CVE published
August 13, 2025 Record updated