CVE-2025-61260

Published Apr 14, 2026

Last updated 3 days ago

Overview

Description
A vulnerability was identified in OpenAI Codex CLI v0.23.0 and before that enables code execution through malicious MCP (Model Context Protocol) configuration files. The attack is triggered when a user runs the codex command inside a malicious or compromised repository. Codex automatically loads project-local .env and .codex/config.toml files without requiring user confirmation, allowing attackers to embed arbitrary commands that execute immediately.
Source
cve@mitre.org
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-94

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

1

  1. CVE-2025-61260 A vulnerability was identified in OpenAI Codex CLI v0.23.0 and before that enables code execution through malicious MCP (Model Context Protocol) configuration files. … https://t.co/0BYKgn6JLE

    @CVEnew

    19 Apr 2026

    128 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. In an era when AI "works alongside us", I want to be properly aware of the scary side too. A vulnerability (CVE-2025-61260) was found in OpenAI's Codex CLI. Just by opening a malicious repository, config files get auto-loaded and arbitrary code gets executed

    @eigyo_koho_mfg

    19 Apr 2026

    203 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. After checking one line of a config file, I stopped the rollout. The GitLab Advisory published CVE-2025-61260 in April 2026. Codex CLI automatically loads the project's config files at runtime. With a single crafted .mcp.json, on my machine, arbitrary

    @aiagent_builder

    19 Apr 2026

    206 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  4. A code execution vulnerability (CVE-2025-61260) affects `OpenAI Codex CLI` through malicious `MCP` configurations. Exercise caution with untrusted files. #OpenAICodex #CLI #CodeExecution #infosec https://t.co/ypnIHogZWU

    @pulsepatchio

    18 Apr 2026

    216 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. Command injection flaw CVE-2025-61260 in OpenAI Codex CLI allows arbitrary code execution at startup without user permission. The vulnerability exploits implicit trust in MCP server configurations. AI coding tools require the same security scrutiny as any software. Vulnerability

    @cyber_breach

    13 Dec 2025

    40 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. [Today's AI Hot News: OpenAI Codex Vulnerability Found] Vulnerability tracked as CVE-2025-61260 discovered in OpenAI's coding agent Codex CLI. Can be exploited for command execution, potentially facilitating attacks on developers. https://t.co/t9PYKokynS

    @urakeitaro

    2 Dec 2025

    14 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. [Today's notable AI news: OpenAI Codex vulnerability discovered] A vulnerability tracked as CVE-2025-61260 was discovered in OpenAI's coding agent Codex CLI. It could be exploited for command execution, with concern that it could make attacks on developers easier

    @urakeitaro

    2 Dec 2025

    12 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. 🔴 CVE-2025-61260 - OpenAI Codex CLI Project-Local Command Injection OpenAI's Codex CLI has a command injection flaw in project-local configuration parsing. What's interesting: attackers place malicious config files in repos that execute arbitrary commands when developers r

    @the_c_protocol

    2 Dec 2025

    45 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. OpenAI Codex CLI vuln (CVE-2025-61260) allowed command execution on dev boxes, now patched. Worth checking what your "helpful" coding agent could run without asking. #infosec https://t.co/sRWAaCWDS4

    @threatcluster

    2 Dec 2025

    57 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. CVE-2025-61260 — OpenAI Codex CLI: Command Injection via Project-Local Configuration https://t.co/ZQNaWtzuzt #appsec

    @eyalestrin

    2 Dec 2025

    24 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. A Codex CLI flaw allowed silent RCE from malicious repo configs (CVE-2025-61260). • Auto-executed MCP commands • Backdoors via simple commits/PRs • Risk to developer machines + CI pipelines • Zero validation of repo configs • Patched in v0.23.0 Researchers say it highli

    @TechNadu

    2 Dec 2025

    86 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  12. ⚡️ Cybersecurity Developments in the Last 12 Hours ⚡️ 🚨 Coupang confirmed a major data breach exposing personal details for 33.7 million customers, likely involving unauthorized access tied to an insider token. 👾 Check Point disclosed CVE-2025-61260 in the OpenAI

    @greytech_ltd

    1 Dec 2025

    39 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes