CVE-2025-55284
BaseFortify
Publication date: 2025-08-16
Last updated on: 2025-10-24
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| anthropic | claude_code | to 1.0.4 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Claude Code versions prior to 1.0.4 allows an attacker to bypass confirmation prompts that normally prevent reading files and sending their contents over the network without user approval. This happens because the software's allowlist of safe commands is too broad, enabling unauthorized file access and data exfiltration if untrusted content can be injected into the Claude Code context window.
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized disclosure of sensitive files by allowing attackers to read files and send their contents over the network without user consent. This can result in data breaches, loss of confidentiality, and potential exposure of private or sensitive information.
What immediate steps should I take to mitigate this vulnerability?
Ensure that all Claude Code installations are updated to version 1.0.4 or later, as versions prior to 1.0.24 are deprecated and have been forced to update. Users on standard Claude Code auto-update receive this fix automatically. Avoid using vulnerable versions and restrict the ability to add untrusted content into Claude Code context windows.