Critical Vulnerability in Google Gemini CLI Exposed, Patch Released
Google has addressed a critical vulnerability in Gemini CLI allowing for hidden command execution, releasing a patch for users to upgrade.
Key Points
- A vulnerability in Gemini CLI allows attackers to execute malicious commands via prompt injection.
- Hidden commands can be concealed in README.md files, exploiting the tool's allow list mechanism.
- Google has released version 0.1.14 to fix the vulnerability, advising users to update immediately.
- Users are cautioned to use sandbox environments for running untrusted code.
A serious security vulnerability has been discovered in Google Gemini CLI, prompting urgent action from the tech giant. Within days of its launch on June 25, 2025, researchers identified that the tool was susceptible to prompt injection attacks that can execute hidden malicious commands and exfiltrate sensitive data.
The vulnerability allows attackers to manipulate command execution by exploiting excessive whitespace in command strings, hiding harmful instructions from users. Sam Cox, founder of Tracebit, which uncovered the exploit, explained the severity of the issue: "The same technique works for extremely destructive commands such as ‘rm -rf /’ or fork bombs that crash systems. That’s exactly why I find this so worrying."
In addition to command injection, attackers could use Gemini CLI's allow list mechanism to their advantage. By embedding malicious commands within trusted files such as README.md, where the CLI retrieves operational instructions, hackers can execute harmful actions without raising suspicions. In testing, Tracebit showcased how a benign command alongside a malicious one could lead to unauthorized data extraction.
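The two weaknesses described above, whitespace padding that hides part of a command and an allow list that a benign command can carry a second command past, can be checked for on the defender's side. The sketch below is an added example, not Gemini CLI's code or Google's fix; the function names, the allow list contents and the first-word matching in the weak check are assumptions made for illustration, and the sample command is constructed.

```javascript
// Added example: hypothetical approval gate for an agent's shell tool.
// ALLOWED, naiveAllows, strictAllows and displayForm are illustrative names.
const ALLOWED = new Set(["grep", "ls", "cat"]);

// Weak check (assumed for illustration): trusts the first word only,
// so anything chained after an allowed command rides along with it.
function naiveAllows(cmd) {
  return ALLOWED.has(cmd.trim().split(/\s+/)[0]);
}

// Characters that can start a second command, a substitution or a redirect.
// Deliberately conservative: it also rejects these inside quoted arguments.
const CONTROL = /[;&|`\n\r<>]|\$\(/;

// Strict check: refuse any control operator, then match the one command name.
function strictAllows(cmd) {
  if (CONTROL.test(cmd)) return false;
  return ALLOWED.has(cmd.trim().split(/\s+/)[0]);
}

// Text shown to the user before approval: collapse whitespace runs so padding
// cannot push the tail of the command out of view, and flag that padding.
function displayForm(cmd, maxRun = 8) {
  const padded = new RegExp(`\\s{${maxRun},}`).test(cmd);
  return { text: cmd.replace(/\s+/g, " ").trim(), padded };
}

// Runs both checks and returns the verdicts with the display form.
function review(cmd) {
  return { naive: naiveAllows(cmd), strict: strictAllows(cmd), ...displayForm(cmd) };
}

// Constructed sample: an allowed command, 200 spaces, then a second command.
const sample =
  "grep install README.md" + " ".repeat(200) + "; echo SECOND_COMMAND_PLACEHOLDER";

console.log(review(sample));                   // naive accepts, strict rejects, padded
console.log(review("grep install README.md")); // both accept, not padded
```

The strict check is a gate in front of execution, not a replacement for the sandboxing the article recommends.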
In response to the critical findings, Google has classified the vulnerability as Priority 1 and Severity 1, marking it as one of the most pressing threats to its users. Following this assessment, Google promptly released version 0.1.14 to address the vulnerability and urged all Gemini CLI users to update their systems immediately and to proceed with caution, especially when dealing with untrusted code. Users are encouraged to implement sandboxing techniques to mitigate potential risks when using the tool in less secure environments.
This incident highlights the importance of stringent security measures in AI tools, particularly those interfacing closely with developers' systems. Google’s swift response reflects an ongoing commitment to cybersecurity amidst increasing threats in the technology landscape.
Overall, the Gemini CLI vulnerability serves as a critical reminder of the weaknesses that can be present in emerging technologies and the imperative for continuous vigilance and updates as these tools evolve.