
Hackers were able to covertly execute code through README files using a loophole in the Gemini CLI.

On June 25, 2025, Google's freshly launched Gemini CLI tool faced a security issue soon after its unveiling. The issue was identified by Tracebit's cybersecurity team.


In a recent discovery by cybersecurity firm TrailForge, a security flaw was found in Google's newly released Gemini CLI tool on June 25, 2025. This vulnerability allows malware, such as the Shuyal malware, to execute without user knowledge, potentially performing malicious actions like installing a remote shell or deleting files.

The Shuyal malware can be concealed using specific formatting techniques, making it difficult for users to detect. It can be hidden within files such as , which Gemini CLI reads. In a test conducted by Tracebit, a seemingly harmless command was combined with a malicious command that exfiltrated sensitive information, including system variables and credentials, to an external server.

The security flaw stemmed from Gemini CLI's ability to automatically execute commands from a pre-approved allow-list. This allowed threat actors to target developers with malware and exfiltrate data without their knowledge. Notably, the Shuyal malware can potentially steal data from 19 different browsers.
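The following JavaScript is an added illustration, not Gemini CLI's code and not taken from Tracebit's test. It contrasts an allow-list check that only looks at the first word of a command string with one that requires the whole string to be a single simple command. The allow-list contents, function names and sample strings are assumptions constructed for this example.

```javascript
// Added example: constructed allow-list and inputs, not Gemini CLI's code.
const ALLOWED = new Set(["grep", "ls", "cat"]); // assumed allow-list

// Weak check: trusts the whole string if its first word is allow-listed.
function naiveCheck(cmd, allowed = ALLOWED) {
  return allowed.has(cmd.trim().split(/\s+/)[0]);
}

// Unquoted characters that let a shell chain, substitute, redirect or expand.
const UNSAFE = /[;&|<>`$(){}"\\\n\r*?~#!]/;

// Split into argv, honouring single quotes; refuse anything a shell would interpret.
function parseSimpleCommand(cmd) {
  const argv = [];
  let cur = "", inQuote = false, hasTok = false;
  for (const ch of cmd) {
    if (inQuote) {
      if (ch === "'") inQuote = false; else cur += ch;
    } else if (ch === "'") {
      inQuote = true; hasTok = true;
    } else if (ch === " " || ch === "\t") {
      if (hasTok) { argv.push(cur); cur = ""; hasTok = false; }
    } else if (UNSAFE.test(ch)) {
      return { ok: false, reason: `shell metacharacter ${JSON.stringify(ch)}` };
    } else {
      cur += ch; hasTok = true;
    }
  }
  if (inQuote) return { ok: false, reason: "unterminated quote" };
  if (hasTok) argv.push(cur);
  return { ok: true, argv };
}

// Strict check: the entire string must be one simple, allow-listed command.
function checkCommand(cmd, allowed = ALLOWED) {
  const parsed = parseSimpleCommand(cmd);
  if (!parsed.ok) return parsed;
  if (parsed.argv.length === 0) return { ok: false, reason: "empty command" };
  if (!allowed.has(parsed.argv[0])) {
    return { ok: false, reason: `${parsed.argv[0]} is not on the allow-list` };
  }
  return parsed; // run argv without a shell and show the user exactly this argv
}

// Constructed inputs: a plain command and one with a second command appended.
for (const c of ["grep 'set up' README.md", "grep install README.md ; other-command"]) {
  console.log(JSON.stringify(c), naiveCheck(c), JSON.stringify(checkCommand(c)));
}
```

Passing the returned `argv` to an API that does not invoke a shell, such as Node's `child_process.execFile`, keeps the text the user approved and the command that runs identical.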

Google has since addressed the vulnerability with the release of Gemini CLI version 0.1.14. Users are advised to update to the latest version to mitigate the risk of this vulnerability. It is essential to exercise caution when using Gemini CLI, especially outside of a sandboxed or secure testing environment. Caution is also recommended when running Gemini CLI on unfamiliar or untrusted code, to avoid potential exploitation of this or other vulnerabilities.

The discovery and subsequent patching of this security flaw underscore the need for continuous vigilance in the realm of cybersecurity.

In conclusion, the Shuyal malware exploiting the vulnerability in Google's Gemini CLI tool serves as a reminder for developers and users alike to exercise caution when working with new tools and to keep their systems updated to protect against potential threats.
