Wiz
Vulnerability DatabaseCVE-2025-59532

CVE-2025-59532
JavaScript vulnerability analysis and mitigation

Overview

Codex CLI, a coding agent from OpenAI that runs locally, was found to contain a critical security vulnerability (CVE-2025-59532) affecting versions 0.2.0 through 0.38.0. The vulnerability was discovered on September 22, 2025, and involves a bug in the sandbox configuration logic that could allow the CLI to treat a model-generated working directory as the sandbox's writable root, including paths outside of the user's intended session folder (GitHub Advisory).

Technical details

The vulnerability stems from improper validation in the sandbox configuration logic where the system could incorrectly handle the working directory (cwd) permissions. The bug allowed the sandbox to treat model-generated paths as valid writable roots, even when they existed outside the intended workspace boundary. This vulnerability has been assigned a CVSS v4.0 base score of 8.6 (High), with the following vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N. The vulnerability is classified under CWE-20 (Improper Input Validation) (GitHub Advisory, NVD).

Impact

The vulnerability enables arbitrary file writes and command execution wherever the Codex process has permissions, effectively bypassing the intended workspace boundary restrictions. While the network-disabled sandbox restriction remained intact, the bug could allow attackers to perform unauthorized operations outside the intended working directory (GitHub Advisory).

Mitigation and workarounds

The vulnerability has been patched in Codex CLI version 0.39.0, which implements proper canonicalization and validation of sandbox policy boundaries based on the user's session start location. Users running version 0.38.0 or earlier should immediately update via their package manager or reinstall the latest Codex CLI. For users of the Codex IDE extension, updating to version 0.4.12 is required to patch the sandbox issue (GitHub Advisory).

Community reactions

The vulnerability was responsibly disclosed by security researcher Tzanko Matev (Codetracer), and OpenAI promptly addressed the issue with a patch release. The fix was merged into the main branch as part of release 0.39.0, which included several other improvements and bug fixes (GitHub Release).

Additional resources

SourceThis report was generated using AI

Related JavaScript vulnerabilities:

CVE ID

Severity

Score

Technologies

Component name

CISA KEV exploit

Has fix

Published date

CVE-2026-23744CRITICAL9.8
  • JavaScriptJavaScript
  • @mcpjam/inspector
NoYesJan 16, 2026
CVE-2026-23735HIGH8.7
  • JavaScriptJavaScript
  • graphql-modules
NoYesJan 16, 2026
GHSA-gw32-9rmw-qwwwHIGH8.4
  • JavaScriptJavaScript
  • svelte
NoYesJan 16, 2026
CVE-2026-23745HIGH8.2
  • JavaScriptJavaScript
  • argo-workflows-fips-3.6
NoYesJan 16, 2026
GHSA-38cw-85xc-xr9xMEDIUM6.8
  • JavaScriptJavaScript
  • @veramo/data-store
NoYesJan 16, 2026

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

Cloud Threat Landscape

A threat intelligence database

PEACH

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management
Get a demo