Cyber Resilience

CVE-2025-55345

High

Published: 13 August 2025

Published
13 August 2025
Modified
15 April 2026
KEV Added
Patch
CVSS Score v3.1 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.0146 81.3th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-55345 is a high-severity UNIX Symbolic Link (Symlink) Following (CWE-61) vulnerability in Jfrog (inferred from references). Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Compromise Software Dependencies and Development Tools (T1195.001); ranked in the top 18.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

Codex CLI is affected by CVE-2025-55345, a symlink-following flaw that occurs when the tool is invoked in workspace-write mode against a malicious repository or directory. The vulnerability, tracked under CWE-61, allows writes to traverse outside the intended working directory, resulting in arbitrary file overwrites that can escalate to remote code execution. It carries a CVSS 3.1 score of 8.8.

An attacker who controls or can influence the contents of a repository or directory can place crafted symlinks that Codex CLI will follow during workspace-write operations. Any user who subsequently runs the CLI against that context without additional sandboxing can trigger file modifications or code execution on their system, with no authentication or special privileges required beyond normal use of the tool.

A fix addressing the symlink traversal behavior is referenced in the associated GitHub pull request, while the JFrog advisory provides further technical analysis of the issue.

The EPSS score has remained flat at 0.0146 with no material increase since disclosure.

EU & UK References

Vulnerability details

Using Codex CLI in workspace-write mode inside a malicious context (repo, directory, etc) could lead to arbitrary file overwrite and potentially remote code execution due to symlinks being followed outside the allowed current working directory.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1195.001 Compromise Software Dependencies and Development Tools Initial Access
Adversaries may manipulate software dependencies and development tools prior to receipt by a final consumer for the purpose of data or system compromise.
T1204.002 Malicious File Execution
An adversary may rely upon a user opening a malicious file in order to gain execution.
Why these techniques?

Vulnerability enables symlink-based arbitrary file overwrite/RCE when Codex CLI processes a malicious repository (supply chain vector) requiring user execution of the affected tool.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-27976Shared CWE-61
CVE-2026-23986Shared CWE-61
CVE-2026-29203Shared CWE-61
CVE-2026-33711Shared CWE-61
CVE-2026-35632Shared CWE-61
CVE-2026-21916Shared CWE-61
CVE-2026-24018Shared CWE-61
CVE-2026-22767Shared CWE-61
CVE-2026-35525Shared CWE-61
CVE-2026-34078Shared CWE-61

Affected Assets

Jfrog
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Timely flaw remediation via patches from the GitHub pull request and JFrog advisory directly eliminates the symlink-following vulnerability in Codex CLI workspace-write mode.

prevent

Information input validation ensures file paths in workspace-write operations are checked for symlink dereferences outside the current working directory, preventing arbitrary overwrites.

prevent

Controls on user-installed software like Codex CLI prohibit or approve execution only for verified, patched versions, mitigating exploitation of vulnerable installations.

References