PatchSiren cyber security CVE debrief
CVE-2025-61260 OpenAI CVE debrief
A critical vulnerability was identified in OpenAI Codex CLI v0.23.0 and earlier. The vulnerability enables code execution through malicious MCP (Model Context Protocol) configuration files when a user runs the codex command inside a malicious or compromised repository. This vulnerability has a CVSS score of 9.8, indicating a critical severity level. Users of OpenAI Codex CLI, especially those using version 0.23.0 or earlier, should be aware of this vulnerability and take immediate action to secure their environments. The vulnerability allows attackers to embed arbitrary commands that execute immediately.
- Vendor
- OpenAI
- Product
- Codex CLI
- CVSS
- CRITICAL 9.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-04-14
- Original CVE updated
- 2026-07-05
- Advisory published
- 2026-04-14
- Advisory updated
- 2026-07-05
Who should care
Users of OpenAI Codex CLI, especially those using version 0.23.0 or earlier, should be aware of this vulnerability and take immediate action to secure their environments. This includes operators, platform administrators, vulnerability management teams, and security teams who need to assess and mitigate this vulnerability.
Technical summary
The vulnerability is triggered when a user runs the codex command inside a malicious or compromised repository. Codex automatically loads project-local .env and .codex/config.toml files without requiring user confirmation, allowing attackers to embed arbitrary commands that execute immediately. The CVSS score for this vulnerability is 9.8, indicating a critical severity level. This vulnerability affects OpenAI Codex CLI version 0.23.0 and earlier, and users should take immediate action to secure their environments.
Defensive priority
High
Recommended defensive actions
- Immediately update OpenAI Codex CLI to the latest version
- Use secure repositories and verify the integrity of MCP configuration files
- Implement additional security measures such as input validation and command execution monitoring
- Conduct regular security audits and vulnerability assessments
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up.
Evidence notes
The vulnerability was reported by Checkpoint. The CVE record was published on 2026-04-14T15:16:24.487Z and last modified on 2026-07-05T02:17:19.160Z. Evidence is limited to public CVE and NVD records. Defenders should verify the integrity of MCP configuration files and implement additional security measures such as input validation and command execution monitoring.
Official resources
-
CVE-2025-61260 CVE record
CVE.org
-
CVE-2025-61260 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-04-14T15:16:24.487Z and has not been modified since then.