{"id":30188,"date":"2025-07-29T14:41:15","date_gmt":"2025-07-29T14:41:15","guid":{"rendered":"https:\/\/www.newsbeep.com\/au\/30188\/"},"modified":"2025-07-29T14:41:15","modified_gmt":"2025-07-29T14:41:15","slug":"googles-gemini-cli-agent-could-run-malicious-code-silently","status":"publish","type":"post","link":"https:\/\/www.newsbeep.com\/au\/30188\/","title":{"rendered":"Google’s Gemini CLI agent could run malicious code silently"},"content":{"rendered":"

The recently introduced Google Gemini CLI agent, which provides a text based command interface to the company’s artificial intelligence large language model, could be tricked into silently executing malicious commands, a security researcher has discovered.<\/p>\n

\"Google's<\/p>\n

Tracebit security researcher Sam Cox discovered the vulnerability<\/a>, which “through a toxic combination of improper validation, prompt injection and misleading UX, inspecting untrusted code consistently leads to silent execution of malicious commands.”<\/p>\n

By hiding a prompt injection in a README.md file which contained the full text of the GNU Public Licence as well, to accompany a benign Python script that the target could be likely to run, Cox was able to coax Gemini into exfiltrating credentials using the “env” and “curl” commands to a listening remote server.<\/p>\n

<\/p>\n

Google initally triaged the vulnerability Cox found as Priority 2, Severity 4, in its Bug Hunters program after Cox reported it on June 27.<\/p>\n

About three weeks later, Google reclassified the vulnerability as the most serious Priority 1, Severity 1 which requires urgent, immediate attention as it could lead to significant data compromise, unauthorised access and\/or code execution.<\/p>\n

Users are advised to upgrade to Gemini 0.1.14 which has safeguards<\/a> for shell code execution and mitigate the above attack.<\/p>\n

Enabling\u00a0“sandboxing”, which is an isolated environment that protects users’ systems, would also prevent the attack Cox discovered.<\/p>\n

However, after installation Gemini CLI by default runs without sandboxing, although the tool prominently warns users that this is the case.<\/p>\n","protected":false},"excerpt":{"rendered":"The recently introduced Google Gemini CLI agent, which provides a text based command interface to the company’s artificial…\n","protected":false},"author":2,"featured_media":30189,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[20],"tags":[256,254,255,64,63,105],"class_list":{"0":"post-30188","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-artificial-intelligence","8":"tag-ai","9":"tag-artificial-intelligence","10":"tag-artificialintelligence","11":"tag-au","12":"tag-australia","13":"tag-technology"},"_links":{"self":[{"href":"https:\/\/www.newsbeep.com\/au\/wp-json\/wp\/v2\/posts\/30188","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.newsbeep.com\/au\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.newsbeep.com\/au\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.newsbeep.com\/au\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.newsbeep.com\/au\/wp-json\/wp\/v2\/comments?post=30188"}],"version-history":[{"count":0,"href":"https:\/\/www.newsbeep.com\/au\/wp-json\/wp\/v2\/posts\/30188\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.newsbeep.com\/au\/wp-json\/wp\/v2\/media\/30189"}],"wp:attachment":[{"href":"https:\/\/www.newsbeep.com\/au\/wp-json\/wp\/v2\/media?parent=30188"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.newsbeep.com\/au\/wp-json\/wp\/v2\/categories?post=30188"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.newsbeep.com\/au\/wp-json\/wp\/v2\/tags?post=30188"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}