Flaw in Gemini CLI Coding Tool Could Allow Hackers to Run Nasty Commands

Flaw in Gemini CLI coding tool could allow hackers to run nasty commands

Beware of coding agents that can access your command window.

Google Gemini security flaw could have let anyone access systems or run code

Having an allow-list in Gemini CLI caused a few issues, but Google patched it up.

Gemini CLI bug let hackers run hidden code via README files

Google’s Gemini CLI tool, launched on June 25, 2025, was found to contain a security flaw shortly after its release. Cybersecurity researchers at Tracebit discovered the vulnerability, which could have allowed threat actors to target developers with malware and exfiltrate data without their knowledge. Google has since released version 0.1.14 to address the issue. The security flaw stemmed from Gemini CLI’s ability to automatically execute comman…

구글, 제미나이 CLI 보안 취약점 패치···명령어 위장 통한 데이터 탈취 우려

Open the article to view the coverage from CIO

Google patches Gemini CLI tool after prompt injection flaw uncovered

It’s barely been out for a month and already security researchers have discovered a prompt injection vulnerability in Google’s Gemini command line interface (CLI) AI agent that could be exploited to steal sensitive data such as credentials and API keys from unwary developers. Gemini CLI integrates Google’s LLM with traditional command line tools such as PowerShell or Bash. This allows developers to use natural language prompts to speed up tasks …

A flaw in Google’s new Gemini CLI tool could’ve allowed hackers to exfiltrate data

Security researchers have discovered a vulnerability in Google's Gemini command line interface (CLI) that enables malicious command execution and silent data infiltration.