CVE-2025-54558: OpenAI Codex CLI before 0.9.0 auto-approves ripgrep (aka rg) execution even with the --pre or --hostname-bin or --search
Summary
OpenAI Codex CLI versions before 0.9.0 auto-approve execution of ripgrep (a command-line search tool) without asking the user, even when it is invoked with options such as --pre, --hostname-bin, or --search-zip. Those options are not ordinary search options: each causes ripgrep to run an external program, so a ripgrep invocation that was auto-approved as a harmless file search can start another program without the user's consent.
Solution / Mitigation
Update OpenAI Codex CLI to version 0.9.0 or later.
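The defensive pattern behind the fix is to stop treating every `rg` invocation as harmless and instead require approval whenever an option that makes ripgrep spawn another program is present. The following check is an added illustration written for this page, not Codex CLI's own code; it assumes a hypothetical approval gate that receives the command as a shell string, and it deliberately errs on the side of asking for approval.

```python
import shlex

# ripgrep options that cause rg to execute an external program
# (preprocessor, hostname helper, decompressor). From the rg man page.
SPAWNING_LONG = {"--pre", "--hostname-bin", "--search-zip"}
SPAWNING_SHORT = {"z"}  # -z is the short form of --search-zip


def rg_needs_approval(command: str) -> tuple[bool, str]:
    """Return (needs_approval, reason) for a shell command line.

    Hypothetical gate: only plain `rg` searches may be auto-approved.
    Any option that makes rg run another program requires approval.
    """
    argv = shlex.split(command)
    if not argv:
        return True, "empty command"
    prog = argv[0].rsplit("/", 1)[-1]
    if prog not in ("rg", "ripgrep"):
        return True, f"{prog} is not an auto-approved program"
    for arg in argv[1:]:
        if arg == "--":
            break  # everything after -- is a pattern or path, never an option
        if arg.startswith("--"):
            name = arg.split("=", 1)[0]  # handles both --pre=cmd and --pre cmd
            if name in SPAWNING_LONG:
                return True, f"{name} makes rg execute an external program"
        elif arg.startswith("-") and len(arg) > 1:
            # Clustered short flags such as -nz. This also catches -e with an
            # attached value containing 'z'; that false positive is acceptable
            # for a gate, since it only means asking the user.
            if SPAWNING_SHORT & set(arg[1:]):
                return True, "-z makes rg execute a decompression program"
    return False, "plain rg search"
```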
Vulnerability Details
Severity: 4.1 (medium)
EPSS: 0.0%
Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-54558
First tracked: February 15, 2026 at 08:49 PM
Classified by LLM (prompt v3) · confidence: 85%