CVE-2025-54558

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-54558
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-54558.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-54558
Published
2025-07-25T02:15:24.433Z
Modified
2026-03-14T01:48:52.819928Z
Severity
  • 4.1 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

OpenAI Codex CLI before 0.9.0 auto-approves ripgrep (aka rg) execution even with the --pre or --hostname-bin or --search-zip or -z flag.

References

Affected packages

Git / github.com/openai/codex

Affected ranges

Type
GIT
Repo
https://github.com/openai/codex
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
12994d3a43532fc48ab924035f85cc12cff85fa3
Fixed
6cf4b96f9dbbef8a94acc1ff703eb118481514d8
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "0.9.0"
        }
    ]
}

Affected versions

codex-rs-121686615fd634e35f3e415896f36908cf8632f9-1-rust-v0.*
codex-rs-121686615fd634e35f3e415896f36908cf8632f9-1-rust-v0.0.2506052203
codex-rs-132146b6d4e133d014f763a0d8dabd853f3fc0c0-1-rust-v0.*
codex-rs-132146b6d4e133d014f763a0d8dabd853f3fc0c0-1-rust-v0.0.2505061740
codex-rs-2925136536b06a324551627468d17e959afa18d4-1-rust-v0.*
codex-rs-2925136536b06a324551627468d17e959afa18d4-1-rust-v0.2.0-alpha.2
codex-rs-378d773f3af95384eef51addf560df30aa9fd15f-1-rust-v0.*
codex-rs-378d773f3af95384eef51addf560df30aa9fd15f-1-rust-v0.0.2505301630
codex-rs-3a70a0bc280734d09448cb08ec05b5c44f7c798e-1-rust-v0.*
codex-rs-3a70a0bc280734d09448cb08ec05b5c44f7c798e-1-rust-v0.0.2505141337
codex-rs-45519e12f39777b65c05ed498503ddcb60beb289-1-rust-v0.*
codex-rs-45519e12f39777b65c05ed498503ddcb60beb289-1-rust-v0.0.2506030956
codex-rs-5915a59c8290765d6097caf4074aae93a85380fa-1-rust-v0.*
codex-rs-5915a59c8290765d6097caf4074aae93a85380fa-1-rust-v0.0.2505021951
codex-rs-5ee08335ac690a69035720a798df9865bc5a4278-1-rust-v0.*
codex-rs-5ee08335ac690a69035720a798df9865bc5a4278-1-rust-v0.0.2505171051
codex-rs-5fc3c3023d9f179fb416b2722d1434bac278e916-1-rust-v0.*
codex-rs-5fc3c3023d9f179fb416b2722d1434bac278e916-1-rust-v0.0.2506060849
codex-rs-68e94c8c08943e1d4a53bd7987e319ba7dbffb74-1-rust-v0.*
codex-rs-68e94c8c08943e1d4a53bd7987e319ba7dbffb74-1-rust-v0.0.2505191609
codex-rs-6a77484c94956d5cd319da3f8500b178ec93fc90-1-rust-v0.*
codex-rs-6a77484c94956d5cd319da3f8500b178ec93fc90-1-rust-v0.0.2505220956
codex-rs-6a8a936f75ea44faf05ff4fab0c6a36fc970428d-1-rust-v0.*
codex-rs-6a8a936f75ea44faf05ff4fab0c6a36fc970428d-1-rust-v0.0.2506261603
codex-rs-72a4c38e41bc64f5a7c8c73d52f45784cb6b7137-1-rust-v0.*
codex-rs-72a4c38e41bc64f5a7c8c73d52f45784cb6b7137-1-rust-v0.0.2504301219
codex-rs-79cb07bf70a9036200aa2b61b211fe47ea13184a-1-rust-v0.*
codex-rs-79cb07bf70a9036200aa2b61b211fe47ea13184a-1-rust-v0.0.2505212314
codex-rs-7f24ec8cae83ae22e7cc306fea4844958370827d-1-rust-v0.*
codex-rs-7f24ec8cae83ae22e7cc306fea4844958370827d-1-rust-v0.0.2505101753
codex-rs-84eae7b1bc4e3b5420f2d6127b7c17e7a979a5b0-1-rust-v0.*
codex-rs-84eae7b1bc4e3b5420f2d6127b7c17e7a979a5b0-1-rust-v0.0.2506052135
codex-rs-8d6a8b308e7457d432564083bb2f577cd39e132b-1-rust-v0.*
codex-rs-8d6a8b308e7457d432564083bb2f577cd39e132b-1-rust-v0.0.2505151627
codex-rs-94c47d69a3f92257e7f9717a2044bd55786eb999-1-rust-v0.*
codex-rs-94c47d69a3f92257e7f9717a2044bd55786eb999-1-rust-v0.0.2505121726
codex-rs-9949f6404378db6f54a01bcadb1956e0535d4921-1-rust-v0.*
codex-rs-9949f6404378db6f54a01bcadb1956e0535d4921-1-rust-v0.0.2505121520
codex-rs-aa156ceac953c3e6f3602e6eb2f61b14ac8adaf3-1-rust-v0.*
codex-rs-aa156ceac953c3e6f3602e6eb2f61b14ac8adaf3-1-rust-v0.0.2505231205
codex-rs-ac6e1b2661320a631d80aa51bdfa8f1635e0c8fa-1-rust-v0.*
codex-rs-ac6e1b2661320a631d80aa51bdfa8f1635e0c8fa-1-rust-v0.0.2506052246
codex-rs-b152435fb95e7f1ab197ae2cdde68ae29a7d219b-1-rust-v0.*
codex-rs-b152435fb95e7f1ab197ae2cdde68ae29a7d219b-1-rust-v0.0.2505291458
codex-rs-b289c9207090b2e27494545d7b5404e063bd86f3-1-rust-v0.*
codex-rs-b289c9207090b2e27494545d7b5404e063bd86f3-1-rust-v0.1.0-alpha.4
codex-rs-b5257992b06373acef8b20a4ca25ffc1b96688e2-1-rust-v0.*
codex-rs-b5257992b06373acef8b20a4ca25ffc1b96688e2-1-rust-v0.0.2505161708
codex-rs-c74d7e13e7d8daf3a2493f6216918d5e59a38bed-1-rust-v0.*
codex-rs-c74d7e13e7d8daf3a2493f6216918d5e59a38bed-1-rust-v0.0.2505191518
codex-rs-ca8e97fcbcb991e542b8689f2d4eab9d30c399d6-1-rust-v0.*
codex-rs-ca8e97fcbcb991e542b8689f2d4eab9d30c399d6-1-rust-v0.0.2505302325
codex-rs-cb19037ca3822e9b19b51417392f8afc046be607-1-rust-v0.*
codex-rs-cb19037ca3822e9b19b51417392f8afc046be607-1-rust-v0.0.2505141652
codex-rs-d2eee362c1c6cdc00bcb5bf1d479823ef33c143a-1-rust-v0.*
codex-rs-d2eee362c1c6cdc00bcb5bf1d479823ef33c143a-1-rust-v0.0.2505231137
codex-rs-d519bd8bbd1e1fd9efdc5d68cf7bebdec0dd0f28-1-rust-v0.*
codex-rs-d519bd8bbd1e1fd9efdc5d68cf7bebdec0dd0f28-1-rust-v0.0.2505270918
codex-rs-dfac02b343605ce61154ab2e075ac6c38f533916-1-rust-v0.*
codex-rs-dfac02b343605ce61154ab2e075ac6c38f533916-1-rust-v0.0.2505291659
codex-rs-e40bc9911433bd3f942ef4604626fab5638a7a72-1-rust-v0.*
codex-rs-e40bc9911433bd3f942ef4604626fab5638a7a72-1-rust-v0.0.2504301327
rust-v.*
rust-v.0.0.2504291921
rust-v.0.0.2504291926
rust-v.0.0.2504291954
rust-v.0.0.2504292006
rust-v.0.0.2504292236
rust-v0.*
rust-v0.0.2504291921
rust-v0.0.2504301132

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-54558.json"