CVE-2025-59532: Codex CLI is a coding agent from OpenAI that runs locally. In versions 0.2.0 to 0.38.0, due to a bug in the sandbox conf
Summary
Codex CLI (a coding tool from OpenAI that runs on your computer) versions 0.2.0 to 0.38.0 had a sandbox bug that allowed the AI model to trick the system into writing files and running commands outside the intended workspace folder. The sandbox (a restricted area meant to contain the tool's actions) wasn't properly checking where it should allow file access, which bypassed security boundaries, though network restrictions still worked.
Solution / Mitigation
Update to Codex CLI 0.39.0 or later, which fixes the sandbox boundary validation. The patch now checks that the sandbox boundaries are based on where the user started the session, not on paths generated by the model. If using the Codex IDE extension, update immediately to version 0.4.12. Users on 0.38.0 or earlier should update via their package manager or reinstall the latest version.
Vulnerability Details
EPSS: 0.0%
Classification
Taxonomy References
Affected Vendors
Related Issues
Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-59532
First tracked: February 15, 2026 at 08:49 PM
Classified by LLM (prompt v3) · confidence: 95%