- Gemini could automatically execute certain commands which were previously placed on a highway list
- If a Benin command was twinned with a maliciousness, the Gemini could execute it without warning
- Version 0.1.14 tackles the fault, so that users must update now
A security defect in the new Google CLI Gemini tool has allowed threat stakeholders to target software developers with malicious software, even by exfiltrating sensitive information from their devices, without them never knowing it.
Vulnerability was discovered by Cybersecurity researchers from Tracebit only a few days after the launch of the Gemini CLA on June 25, 2025.
Google has published a corrective with version 0.1.14, which is now available for download.
Hide the attack in sight
Gemini CLI is a tool that allows developers to speak directly to Google AI (called Gemini) from the command line. He can understand the code, make suggestions and even execute commands on the user’s device.
The problem stems from the fact that Gemini could automatically execute certain orders which were previously placed on an authorization list. According to Tracebit, there was a way to sneak hidden and malicious instructions in files that Gemini lits, like Readme.md.
In a test, an apparently harmless command was associated with a malicious order which has exfiltrated sensitive information (such as system variables or identification information) with a third -party server.
Because Gemini thought it was just an order of trust, it did not warn the user or asked for approval. Tracebit also indicates that the malicious command could be hidden using intelligent formatting, so users would not even see it.
“The malicious command could be anything (installing a remote shell, deleting files, etc.),” said the researchers.
The attack is not so easy to remove, however. This requires a little configuration, including having an order of confidence on the authorization list, but it could always be used to encourage unpaid developers to execute dangerous code.
Google has now corrected the problem, and if you use Gemini Cli, be sure to update to version 0.1.14 or more recent as soon as possible. Also be sure not to run it on an unknown or unreliable code (unless you are in a secure test environment).
Via Bleeping Compompute
