{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-28T15:58:04.583","vulnerabilities":[{"cve":{"id":"CVE-2025-54558","sourceIdentifier":"cve@mitre.org","published":"2025-07-25T02:15:24.433","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"OpenAI Codex CLI before 0.9.0 auto-approves ripgrep (aka rg) execution even with the --pre or --hostname-bin or --search-zip or -z flag."},{"lang":"es","value":"La CLI de OpenAI Codex anterior a 0.9.0 aprueba automáticamente la ejecución de ripgrep (también conocido como rg) incluso con el indicador --pre o --hostname-bin o --search-zip o -z."}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":4.1,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.0,"impactScore":2.7}]},"weaknesses":[{"source":"cve@mitre.org","type":"Secondary","description":[{"lang":"en","value":"CWE-829"}]}],"references":[{"url":"https://github.com/openai/codex/commit/6cf4b96f9dbbef8a94acc1ff703eb118481514d8","source":"cve@mitre.org"},{"url":"https://github.com/openai/codex/compare/rust-v0.8.0...rust-v0.9.0","source":"cve@mitre.org"},{"url":"https://github.com/openai/codex/pull/1644","source":"cve@mitre.org"}]}}]}