Google Gemini CLI RCE: CVSS 10 Flaw Exposes CI/CD to Attack

/HIGH
Written by SCW Vulnerability Desk Vulnerability Intelligence
SCW threat-intelvulnerabilitycloudtools
Google Gemini CLI RCE: CVSS 10 Flaw Exposes CI/CD to Attack

Google has patched a critical remote code execution (RCE) vulnerability in its Gemini CLI, specifically impacting the @google/gemini-cli npm package and the google-github-actions/run-gemini-cli GitHub Actions workflow. The Hacker News reports this flaw, rated CVSS 10.0, could allow an unprivileged external attacker to inject malicious content as Gemini configuration, leading to arbitrary command execution on host systems.

This isn’t just another bug; it’s a supply chain risk targeting CI/CD pipelines. An attacker exploiting this could compromise build environments, inject backdoors into deployed applications, or exfiltrate sensitive source code and credentials. The implications extend far beyond a single compromised CLI session, potentially affecting entire development and deployment lifecycles.

For defenders, this highlights the persistent challenge of securing developer tooling and CI/CD infrastructure. Even seemingly minor CLI utilities, when integrated into automated workflows, can become high-severity attack vectors if not rigorously secured. The attacker’s calculus here is clear: target the weakest link in the build chain for maximum impact.

What This Means For You

  • If your organization uses the `@google/gemini-cli` npm package or the `google-github-actions/run-gemini-cli` GitHub Action, patch immediately. Prioritize a review of all CI/CD pipelines where Gemini CLI is integrated. Look for any anomalous build activity or unauthorized code changes that might indicate a prior compromise.

Related ATT&CK Techniques

T1078.004 Abuse Cloud Accounts Initial Access T1505.003 Exploit via Software Supply Chain Initial Access T1059.004 Command and Scripting Interpreter: Unix Shell Execution

πŸ›‘οΈ Detection Rules

1 rule Β· 6 SIEM formats

1 detection rule auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free β€” export to any SIEM format via the Intel Bot.

high vulnerability event-type

Exploitation Attempt β€” Google

Sigma YAML β€” free preview

Source: Shimi's Cyber World Β· License & reuse

βœ“ Sigma Β· Splunk SPL Sentinel KQL Elastic QRadar AQL Wazuh Get rules for your SIEM β†’

Indicators of Compromise

IDTypeIndicator
Gemini-CLI-RCE RCE npm package @google/gemini-cli
Gemini-CLI-RCE RCE GitHub Actions workflow google-github-actions/run-gemini-cli
Gemini-CLI-RCE Code Injection Malicious content loading as Gemini configuration

Written by SCW Vulnerability Desk

Take action on this incident
πŸ“‘ Monitor google.com Free Β· 1 watchlist slot Β· instant alerts on new breaches πŸ” Threat intel on Google All breaches, IOCs & vendor exposure

Related coverage on Google

Researchers Build LLM Limited to Pre-1931 Knowledge for Bias Study

Researchers have developed 'Talkie,' a 13-billion-parameter language model intentionally restricted to information published before 1931. According to Malwarebytes Blog, this novel approach aims to mitigate...

malwarethreat-intelransomwaredata-breachcloudidentityai-securitytools
/SCW Research /HIGH

Qinglong Task Scheduler Exploited for Cryptomining via RCE Flaws

BleepingComputer reports that attackers are actively exploiting two authentication bypass vulnerabilities in Qinglong, an open-source task scheduling tool. These flaws, if left unaddressed, allow threat...

threat-inteldata-breachmalwarevulnerabilitycloudidentitytoolsbleepingcomputer
/SCW Vulnerability Desk /MEDIUM /⚑ 2 IOCs

AI Reverse Engineering Unearths High-Severity GitHub Bug

AI-powered reverse engineering is proving its worth in vulnerability research, with Dark Reading reporting that Wiz leveraged such a tool to uncover a high-severity GitHub...

threat-inteltoolsvulnerability
/SCW Vulnerability Desk /MEDIUM /⚑ 1 IOC /⚙ 3 Sigma