CVE-2025-54795
BaseFortify
Publication date: 2025-08-05
Last updated on: 2025-10-24
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| anthropic | claude_code | to 1.0.20 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-54795 is a command injection vulnerability in the Claude Code tool versions prior to 1.0.20. Due to improper command parsing, an attacker can bypass the confirmation prompt and execute untrusted operating system commands. Exploiting this requires the attacker to inject untrusted content into a Claude Code context window. This vulnerability is related to CWE-78, where external input is not properly sanitized before being used in OS commands. [1]
How can this vulnerability impact me? :
This vulnerability can have a high impact on confidentiality, integrity, and availability of the affected system. An attacker can remotely execute arbitrary OS commands without privileges or user approval, potentially leading to unauthorized data access, modification, or disruption of services. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves identifying if a vulnerable version of the @anthropic-ai/claude-code package (prior to v1.0.20) is in use. Since exploitation requires injecting untrusted content into a Claude Code context window and bypasses the confirmation prompt, monitoring for unexpected command executions or suspicious input patterns in Claude Code sessions may help. However, no specific detection commands are provided in the available resources. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to update the @anthropic-ai/claude-code package to version 1.0.20 or later, as the vulnerability is fixed in that version. Users on standard Claude Code auto-update channels have already been automatically patched. Additionally, avoid allowing untrusted content to be injected into Claude Code context windows to prevent exploitation. [1]