August 1, 2025

The vulnerability in Gemini Cli allowed the launch of harmful code thumbnail
Business

The vulnerability in Gemini Cli allowed the launch of harmful code

by unian ua03

Tracebit cybersebit experts have shown critical vulnerability in the Google Gemini Cli team interface. It allowed to run harmful commands unnoticed if the user viewed a potentially dangerous code using AI. Google Gemini Cli is a command line tool that enables developers to work with the GEMINI SI model directly from the terminal. Among the possibilities: analysis, generation and interpretation […]”, – WRITE: Businessua.com.ua

The vulnerability in Gemini Cli allowed the launch of harmful code - Infbusiness

Tracebit cybersebit experts have shown critical vulnerability in the Google Gemini Cli team interface. It allowed to run harmful commands imperceptibly, If the user has viewed a potentially hazardous code using AI.

Google Gemini Cli is a command line tool that enables developers to work with the GEMINI SI model directly from the terminal. Among the possibilities:

  • analysis, generation and interpretation of the code with the help of AI;
  • processing of text teams and requests for the Gemini model;
  • Viewing third -party code, creating functions, correcting errors and performing other engineering tasks.

Tracebit Sam Cox analyst explained that “due to the toxic combination of weak validation, the possibility of injection of teams through Prompt and a deceptive interface, the code viewing could steadily lead to quiet execution of harmful instructions.”

The researcher hid the injection in readme.md – a file with the text GNU Public License that accompanied a harmless script on Python. As a result, Gemini executed a command to assemble and transfer them to a third -party server through Curl.

Oshka in Interface Gemini allowed to launch a comprehensive code

Source: Tracebit.

After receiving the report on June 27, Google first awarded the second level of priority and the fourth level of criticality in Bug Hunters.

However, in less than three weeks, the status was updated to the highest – as it requires urgent elimination. Vulnerability could cause serious data leakage, unauthorized access or execution of an arbitrary code.

Users are advised to update the tool to the Gemini version 0.1.14, which implemented protection against execution of such teams and implemented additional counteraction.

Sandochnik’s switching – an isolated environment that limits access to the system also prevents the attack described by Cox. However, after installing the Gemini Cli, the default works without a sandbox.

Recall that in June, the AI tool called XBow headed the rating of white hackers, which found the most vulnerability in the software of large companies.

The gun

No votes yet.

Please wait …

unian ua

Related posts

Українці придумали хитрий спосіб захищати свої F-16 на аеродромах, – Business Insider

dailymail .co.uk

Cryptoquant analyst predicted a bitcoin peak in August

unian ua

Bitcoin Demand Shift: Coinbase’s 60-Day BTC Premium Streak is at Risk

unian ua

Leave a Comment

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More