- Gemini could automatically execute certain commands that were previously placed on a permissions list
- If a benign command was paired with a malicious one, Gemini could execute it without prior notice
- Version 0.1.14 addresses the defect, so users must now be updated
A safety failure in the new GEMINI CLI tool of Google allowed the threat actors to go to software developers with malware, even exfotting confidential information of their devices, without them knowing.
The vulnerability was discovered by cybersecurity researchers from Tracebit a few days after Gemini Cli first launched on June 25, 2025.
Google launched a solution with version 0.1.14, which is now available for download.
Hide the sight attack
Gemini Cli is a tool that allows developers to talk to Google’s AI (called Gemini) directly from the command line. You can understand the code, make suggestions and even execute commands on the user’s device.
The problem derives from the fact that Gemini could automatically execute certain commands that were previously placed on a list of permits. According to Tracebit, there was a way of hidden hidden and malicious instructions in files that Gemini Lee, such as Readme.MD.
In a test, a seemingly harmless command combined with a malicious one that exfiltrated confidential information (such as variables or credentials of the system) to a third party server.
Because Gemini thought it was just a confidence command, he did not warn the user or requested approval. Tracebit also says that the malicious command could be hidden using an intelligent format, so users would not even see that it happened.
“The malicious command could be anything (installing a remote shell, eliminating files, etc.),” the researchers explained.
However, the attack is not so easy to achieve. It requires a little configuration, which includes having a confidence command in the permissions list, but could still be used to deceive off -unveiled developers to execute dangerous code.
Google has now paved the problem, and if you are using Gemini Cli, be sure to update to version 0.1.14 or newer as soon as possible. In addition, be sure not to execute it in unknown or non -reliable code (unless it is in a safe test environment).
Through Bleepingcomputer
