Codex Bug Let Repo Files Execute Hidden Commands

Attackers Could Hijack Developer Machines via Tampered Config Files Rashmi Ramesh (rashmiramesh_) • December 3, 2025

OpenAI patched a command-injection flaw in its Codex CLI tool that let attackers run arbitrary commands on developer machines by hiding malicious configuration files inside code repositories.

See Also: A CISO’s Perspective on Scaling GenAI Securely

Cybersecurity firm Check Point said Monday that it disclosed the flaw to OpenAI on Aug. 7, and that the company released a fix on Aug. 20 in Codex CLI version 0.23.0. The vulnerability exploited how the terminal-based coding assistant handled project configurations, turning routine developer workflows into potential attack vectors.

Codex CLI is OpenAI's command-line tool that brings artificial intelligence reasoning into software development. Developers use it to read, edit and execute code directly from the terminal using natural language commands. The tool extends its capabilities through the model context protocol, a standard ...