Critical Vulnerability in OpenAI Codex CLI Allows Silent Code Execution

A critical vulnerability in OpenAI’s Codex CLI allows attackers to execute arbitrary commands on developer machines without user interaction. Discovered by security researchers Isabel Mill and Oded Vanunu, the flaw (CVE-2025-61260) exploits how the tool handles project-local configuration files. Attackers with repository access can create malicious files that, when loaded by Codex, execute commands silently. This vulnerability enables persistent remote access, arbitrary command execution, and credential harvesting, posing a significant risk to developers and organizations. OpenAI has been notified, and developers are advised to monitor repositories for suspicious configurations until a patched version is available.