- Gemini could automatically run certain commands that had previously been placed on an allow-list
- If a benign command was paired with a malicious one, Gemini could execute it without any warning
- Version 0.1.14 addresses the flaw, so users should update now
A security flaw in Google’s new Gemini CLI tool allowed threat actors to target software developers with malware, even exfiltrating sensitive information from their devices, without them ever knowing.
Tracebit’s cybersecurity researchers discovered the flaw after Gemini CLI was first launched on June 25, 2025.
Google released a fix in version 0.1.14, which is now available for download.
Hiding the attack
Gemini CLI is a tool that lets developers talk to Google’s AI (Gemini) directly from the command line. It can understand code, make suggestions, and even run commands on the user’s device.
The problem stems from the fact that Gemini could automatically run certain commands that had previously been placed on an allow-list. According to Tracebit, there was a way to sneak in malicious instructions, hidden in files that Gemini reads, such as README.md.
In one test, a seemingly harmless command was paired with a malicious one, which exfiltrated data (e.g. system variables or credentials) to a third-party server.
Because Gemini believed this was just a trusted command, it did not warn the user or ask for approval. Tracebit also says that the malicious command could be hidden using clever formatting, so users would not even see it.
“The malicious command can be anything (installing a remote shell, deleting files, etc.),” the researchers explained.
The attack is not that easy to pull off, however. It requires a little setup, which includes having a trusted command on the allow-list, but it could still be used to trick unsuspecting developers into running dangerous code.
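An added example, not taken from the article or from Gemini CLI's code, showing why approving a command name is not the same as approving a whole command line. It assumes a weak check that compares only the first word (the article does not describe the real matching logic); the allow-list contents, function names and sample lines are constructed.

```python
import shlex

# Constructed allow-list: command names the user has already approved.
ALLOWED = {"grep", "ls", "cat"}

# Characters shlex reports as shell punctuation: separators, pipes, redirects.
PUNCTUATION = set("();<>|&")


def naive_is_allowed(cmdline: str) -> bool:
    """Weak check (assumed): trusts the whole line if its first word is approved."""
    words = cmdline.split()
    return bool(words) and words[0] in ALLOWED


def strict_is_allowed(cmdline: str) -> bool:
    """Approve only one simple command whose name is on the allow-list."""
    # Substitution, expansion and extra lines can all carry a second command.
    if any(ch in cmdline for ch in "`$\n\r"):
        return False
    lexer = shlex.shlex(cmdline, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    try:
        tokens = list(lexer)
    except ValueError:  # unbalanced quotes: fail closed
        return False
    if not tokens or tokens[0] not in ALLOWED:
        return False
    # A token made only of punctuation is treated as an operator. A quoted ";"
    # passed as its own argument is rejected too, which errs on the safe side.
    return not any(tok and set(tok) <= PUNCTUATION for tok in tokens)


# Constructed samples; the second command is a harmless placeholder.
SAMPLES = [
    "grep -r install README.md",
    "grep -r install README.md ; echo second-command",
    "grep install README.md && echo second-command",
    "cat `echo README.md`",
    "ls\necho second-command",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(naive_is_allowed(line), strict_is_allowed(line), repr(line))
```

Every sample passes the weak check, while only the first passes the strict one; anything the strict check rejects should go back to the user for explicit approval with the full line shown.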
Google has now patched the problem, and if you are using Gemini CLI, be sure to update to version 0.1.14 or newer as soon as possible. In addition, make sure not to run it on unknown or untrusted code (unless you are in a secure test environment).
Via BleepingComputer