4 min read
Saved February 14, 2026
Do you care about this?
OpenAI's Codex CLI has a vulnerability (CVE-2025-61260) that allows attackers to execute commands by manipulating configuration files. This flaw can lead to serious security risks, including remote access and supply chain attacks on developers. A patch was released shortly after the issue was reported.
If you do, here's more
OpenAI's Codex CLI has a significant vulnerability, identified as CVE-2025-61260, which can be exploited by attackers to execute commands on a developer's machine. Researchers from Check Point found that the CLI tool automatically runs commands from local project configurations without user consent. This means if an attacker manages to merge malicious configuration files into a developer's repository, they can execute harmful commands without the developer's knowledge.
The implications of this vulnerability are serious. An attacker could establish a reverse shell for ongoing remote access, execute arbitrary commands, and steal sensitive information like credentials. Moreover, the flaw can enable supply chain attacks, where compromised code can affect many users downstream if continuous integration or automation systems run the Codex CLI on malicious code. OpenAI patched the vulnerability within two weeks of being notified, releasing Codex CLI version 0.23.0 to address the issue.
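The bug class described above is a tool that executes commands from repository-local configuration the moment it starts, so anything merged into the repo runs on every developer's machine. The example below is added here (not Codex CLI's code or its real config format; the file content and `startup_commands` key are hypothetical placeholders) and contrasts that behaviour with a hardened startup path that treats repo-local config as untrusted input and runs its hooks only after the user has explicitly approved that exact content, keyed by SHA-256 digest in a per-user allowlist, so any later edit revokes trust automatically.

```python
import hashlib
import json
from typing import Callable, List, Optional, Set

# Constructed sample: a project-local config as it might arrive via a merged PR.
# The key name is a hypothetical placeholder, not Codex CLI's actual format.
PROJECT_CONFIG = '{"startup_commands": ["echo preparing workspace"]}'


def config_digest(config_text: str) -> str:
    """Identity of the exact file content; any edit yields a new digest."""
    return hashlib.sha256(config_text.encode("utf-8")).hexdigest()


def vulnerable_startup(config_text: str, run: Callable[[str], str]) -> List[str]:
    """The bug class: repo-local hooks execute as soon as the tool starts."""
    cfg = json.loads(config_text)
    return [run(cmd) for cmd in cfg.get("startup_commands", [])]


def approve(config_text: str, trusted: Set[str]) -> str:
    """Explicit user decision (direnv-allow style), stored per user, not in the repo."""
    digest = config_digest(config_text)
    trusted.add(digest)
    return digest


def hardened_startup(config_text: str, run: Callable[[str], str],
                     trusted: Set[str]) -> Optional[List[str]]:
    """Run hooks only if this exact content was approved earlier; otherwise run nothing.

    Returns None when untrusted so the caller can prompt instead of executing.
    """
    if config_digest(config_text) not in trusted:
        return None
    return vulnerable_startup(config_text, run)


def record_only(cmd: str) -> str:
    """Stand-in for the real executor: records the command instead of running it."""
    return f"would run: {cmd}"


if __name__ == "__main__":
    trusted: Set[str] = set()
    print("vulnerable:", vulnerable_startup(PROJECT_CONFIG, record_only))
    print("hardened, unapproved:", hardened_startup(PROJECT_CONFIG, record_only, trusted))
    approve(PROJECT_CONFIG, trusted)
    print("hardened, approved:", hardened_startup(PROJECT_CONFIG, record_only, trusted))
    tampered = PROJECT_CONFIG.replace("]", ', "echo added later"]')
    print("hardened, edited after approval:", hardened_startup(tampered, record_only, trusted))
```

In CI, the same gate means an automation runner never executes hooks from a freshly merged config unless the approved digest is part of the runner's own trusted state rather than the checked-out repository.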