CVE-2025-55345
Published: 13 August 2025
Summary
CVE-2025-55345 is a high-severity UNIX Symbolic Link (Symlink) Following (CWE-61) vulnerability in Jfrog (inferred from references). Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Compromise Software Dependencies and Development Tools (T1195.001); ranked in the top 18.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
Codex CLI is affected by CVE-2025-55345, a symlink-following flaw that occurs when the tool is invoked in workspace-write mode against a malicious repository or directory. The vulnerability, tracked under CWE-61, allows writes to traverse outside the intended working directory, resulting in arbitrary file overwrites that can escalate to remote code execution. It carries a CVSS 3.1 score of 8.8.
An attacker who controls or can influence the contents of a repository or directory can place crafted symlinks that Codex CLI will follow during workspace-write operations. Any user who subsequently runs the CLI against that context without additional sandboxing can trigger file modifications or code execution on their system, with no authentication or special privileges required beyond normal use of the tool.
A fix addressing the symlink traversal behavior is referenced in the associated GitHub pull request, while the JFrog advisory provides further technical analysis of the issue.
The EPSS score has remained flat at 0.0146 with no material increase since disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-24554
Vulnerability details
Using Codex CLI in workspace-write mode inside a malicious context (repo, directory, etc) could lead to arbitrary file overwrite and potentially remote code execution due to symlinks being followed outside the allowed current working directory.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Vulnerability enables symlink-based arbitrary file overwrite/RCE when Codex CLI processes a malicious repository (supply chain vector) requiring user execution of the affected tool.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Timely flaw remediation via patches from the GitHub pull request and JFrog advisory directly eliminates the symlink-following vulnerability in Codex CLI workspace-write mode.
Information input validation ensures file paths in workspace-write operations are checked for symlink dereferences outside the current working directory, preventing arbitrary overwrites.
Controls on user-installed software like Codex CLI prohibit or approve execution only for verified, patched versions, mitigating exploitation of vulnerable installations.