Izzy izzy0101010101

## CVE-2025-61260.md

      
        
          
            
              
              1 file
            
          
          
            
              
              0 forks
            
          
            
              
                
                0 comments
              
            
          
            
              
              0 stars
            
          
        
        
          
              
          
          
            
                izzy0101010101
                / CVE-2025-61260.md
            
            
              Last active
              October 30, 2025 12:29
            
              
                CVE-2025-61260 - OpenAI Codex CLI: Command Injection via Project-Local Configuration
              
          
        
      
        
  
      
    CVE-2025-61260 - MCP Command Injection via Malicious Repositories in OpenAI Codex CLI

CVE ID: CVE-2025-61260

Discoverer: Isabel Mill

Vendor: OpenAI

Product: Codex CLI

Affected Versions: < 0.23.0

Fixed Version: 0.23.0
Summary