Google Gemini security flaw could have let anyone access systems or run code

Gemini could automatically run certain commands that were previously placed on an allow-list
If a benign command was paired with a malicious one, Gemini could execute it without warning
Version 0.1.14 addresses the flaw, so users should update now

A security flaw in Google’s new Gemini CLI tool allowed threat actors to target software developers with malware, even exfiltrating sensitive information from their devices, without them ever knowing.

The vulnerability was discovered by cybersecurity researchers from Tracebit just days after Gemini CLI was first launched on June 25, 2025.

Google released a fix with the version 0.1.14, which is now available for download.

Hiding the attack in plain sight

Gemini CLI is a tool that lets developers talk to Google’s AI (called Gemini) directly from the command line. It can understand code, make suggestions, and even run commands on the user’s device.

The problem stems from the fact that Gemini could automatically run certain commands that were previously placed on an allow-list. According to Tracebit, there was a way to sneak hidden, malicious instructions into files that Gemini reads, like README.md.

In one test, a seemingly harmless command was paired with a malicious one that exfiltrated sensitive information (such as system variables or credentials) to a third-party server.

Because Gemini thought it was just a trusted command, it didn’t warn the user or ask for approval. Tracebit also says the malicious command could be hidden using clever formatting, so users wouldn’t even see it happening.

“The malicious command could be anything (installing a remote shell, deleting files, etc),” the researchers explained.

The attack is not that easy to pull off, though. It requires a little setting up, including having a trusted command on the allow-list, but it could still be used to trick unsuspecting developers into running dangerous code.

Google has now patched the problem, and if you’re using Gemini CLI, make sure to update to version 0.1.14 or newer as soon as possible. Also, make sure not to run it on unknown, or untrusted code (unless you’re in a secure test environment).

Via BleepingComputer

What's Hot

My Health Anxiety Means I Won’t Use Apple’s or Samsung’s Smartwatches. Here’s Why

You can now buy the OnePlus 15 in the US and score free earbuds if you hurry

Today’s NYT Connections: Sports Edition Hints, Answers for Dec. 22 #455

Your next Legion Go 2 might run SteamOS instead of Windows 11

Gear News of the Week: LG Debuts an RGB LED TV, and Google Brings Find Hub to Wear OS

Deals: Freebies with Google Pixels, discounts on Xiaomi 15, Poco F7 Ultra, and more

NYT Strands hints and answers for Monday, August 11 (game #526)

These 2 Cities Are Pushing Back on Data Centers. Here’s What They’re Worried About

Today’s NYT Connections: Sports Edition Hints, Answers for Sept. 4 #346

Most Popular

Best Fitbit fitness trackers and watches in 2025

There are still 200+ Prime Day 2025 deals you can get

The best earbuds we’ve tested for 2025

Our Picks