VBS-2026-0016HIGHCVSS 8.4CWE-59

Codex CLI workspace-write symlink overwrite (CVE-2025-55345)

Unsafe symlink handling in workspace-write mode enabled file overwrite outside intended boundaries and potential code execution.

Published

2025-08-13

Discovered By

JFrog Security Research

CVSS Score

8.4 / 10

Affected AI Platforms

Codex CLI

Affected Tech Stack

Workspace write modeSymlink traversal

Remediation

Upgrade to patched releases and enforce canonical path boundary checks with symlink-safe writes.

#codex-cli#symlink#arbitrary-file-write#cve

References

https://nvd.nist.gov/vuln/detail/CVE-2025-55345

Check if your app is vulnerable to VBS-2026-0016

PolyDefender detects this and dozens of other AI-specific vulnerability patterns.

FAQ

How do I check if my Workspace write mode + Symlink traversal app is affected by codex CLI workspace-write symlink overwrite (CVE-2025-55345)?

Unsafe symlink handling in workspace-write mode enabled file overwrite outside intended boundaries and potential code execution.. Search your codebase for Workspace write mode, Symlink traversal patterns and verify the remediation has been applied.

Why does Codex CLI generate code with CWE-59 (high severity)?

Unsafe symlink handling in workspace-write mode enabled file overwrite outside intended boundaries and potential code execution.

How do I fix codex CLI workspace-write symlink overwrite (CVE-2025-55345)?

Upgrade to patched releases and enforce canonical path boundary checks with symlink-safe writes.

What is CVE-2025-55345 and how does it affect Codex CLI projects?

CVE-2025-55345 is a high severity CVE with a CVSS score of 8.4, affecting Codex CLI. Unsafe symlink handling in workspace-write mode enabled file overwrite outside intended boundaries and potential code execution..