A severe security vulnerability in Google’s Gemini CLI tool was discovered, enabling attackers to execute arbitrary commands on developer systems undetected. Identified by Tracebit on June 27, 2025, this flaw leveraged prompt injection, inadequate input validation, and misleading UI elements, allowing silent code execution during the inspection of untrusted code repositories.
Key insights include:
1. Gemini CLI’s silent execution posed significant risk.
2. Prompt injection enabled credential theft through whitelisted commands.
3. Immediate upgrade to version 0.1.14+ and sandboxing is recommended.
The vulnerability exploited the run_shell_command feature, where attackers embedded malicious commands in benign files, such as README.md. Using complex command strings, the flawed validation logic of Gemini CLI allowed unauthorized code to run while remaining hidden from users. Google released a fix on July 25, 2025, enhancing command parsing and visibility. Developers are urged to update and utilize sandboxing to mitigate risks associated with this critical vulnerability.
Source link
