CVE-2025-55345
Published: 13 August 2025
Summary
CVE-2025-55345 is a high-severity UNIX Symbolic Link (Symlink) Following (CWE-61) vulnerability in Jfrog (inferred from references). Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Compromise Software Dependencies and Development Tools (T1195.001); ranked in the top 32.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Timely flaw remediation via patches from the GitHub pull request and JFrog advisory directly eliminates the symlink-following vulnerability in Codex CLI workspace-write mode.
Information input validation ensures file paths in workspace-write operations are checked for symlink dereferences outside the current working directory, preventing arbitrary overwrites.
Controls on user-installed software like Codex CLI prohibit or approve execution only for verified, patched versions, mitigating exploitation of vulnerable installations.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Vulnerability enables symlink-based arbitrary file overwrite/RCE when Codex CLI processes a malicious repository (supply chain vector) requiring user execution of the affected tool.
NVD Description
Using Codex CLI in workspace-write mode inside a malicious context (repo, directory, etc) could lead to arbitrary file overwrite and potentially remote code execution due to symlinks being followed outside the allowed current working directory.
Deeper analysisAI
CVE-2025-55345 is a vulnerability in the OpenAI Codex CLI tool, specifically when operating in workspace-write mode within a malicious context such as a repository or directory. The issue stems from the tool following symbolic links outside the intended current working directory, enabling arbitrary file overwrites and potentially remote code execution. It is associated with CWE-61 and carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H).
Attackers can exploit this over the network with low complexity and no required privileges, though it demands user interaction. A malicious actor crafts a repository or directory containing symlinks that redirect writes outside the workspace boundaries. When a victim runs Codex CLI in workspace-write mode in this context, the tool follows the symlinks, allowing the attacker to overwrite arbitrary files on the victim's system, which could escalate to remote code execution based on the targeted files and system permissions.
Advisories and patches are detailed in referenced sources, including a GitHub pull request at https://github.com/openai/codex/pull/1705 and a JFrog Security Advisory at https://research.jfrog.com/vulnerabilities/codex-cli-symlink-arbitrary-file-overwrite-jfsa-2025-001378631/. These provide mitigation guidance and fixes for the symlink-following behavior.
Details
- CWE(s)