CVE-2025-58764
BaseFortify
Publication date: 2025-09-10
Last updated on: 2025-10-24
Assigner: GitHub, Inc.
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| anthropic | claude_code | to 1.0.105 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-58764 is a high-severity command injection vulnerability in the Claude Code tool (npm package @anthropic-ai/claude-code) affecting versions prior to 1.0.105. Due to an error in command parsing, attackers can bypass the user confirmation prompt and execute arbitrary commands without user consent if they can inject untrusted content into a Claude Code context window. This flaw arises from improper handling of externally-influenced input used in code generation (CWE-94). [1]
How can this vulnerability impact me?
Successful exploitation of this vulnerability can lead to full compromise of system confidentiality, integrity, and availability. Attackers can execute arbitrary commands remotely without privileges, potentially leading to unauthorized data access, modification, or system disruption. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection involves checking the version of the @anthropic-ai/claude-code package installed on your system. If the version is prior to 1.0.105, the system is vulnerable. You can run commands like `npm list @anthropic-ai/claude-code` or `npm ls @anthropic-ai/claude-code` to determine the installed version. Additionally, monitoring for unexpected or unapproved command executions within Claude Code context windows may indicate exploitation attempts. [1]
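The version check described above, as an added example that is not BaseFortify's or Anthropic's code: it reads `npm ls --json` output, extracts the installed @anthropic-ai/claude-code version and compares it against the fixed release 1.0.105 named on this page. It assumes a three-part major.minor.patch version string; the sample JSON is constructed.

```shell
#!/bin/sh
# Added example (not from BaseFortify or Anthropic): flag an installed
# @anthropic-ai/claude-code below the fixed release 1.0.105 (CVE-2025-58764).
FIXED_VERSION="1.0.105"

# Returns 0 (true) when version $1 is strictly lower than version $2.
# Compares numeric major.minor.patch fields; pre-release/build suffixes are dropped.
version_lt() {
  a=$(printf '%s' "$1" | sed 's/[-+].*//'); b=$(printf '%s' "$2" | sed 's/[-+].*//')
  i=1
  while [ "$i" -le 3 ]; do
    x=$(printf '%s' "$a" | cut -d. -f"$i"); y=$(printf '%s' "$b" | cut -d. -f"$i")
    x=${x:-0}; y=${y:-0}
    [ "$x" -lt "$y" ] && return 0
    [ "$x" -gt "$y" ] && return 1
    i=$((i + 1))
  done
  return 1
}

# Pulls the "version" of @anthropic-ai/claude-code out of `npm ls --json` output on stdin.
extract_version() {
  tr -d '\n ' | sed -n 's/.*"@anthropic-ai\/claude-code":{[^}]*"version":"\([^"]*\)".*/\1/p'
}

# Prints "VULNERABLE <v>" or "OK <v>"; prints NOT_INSTALLED and returns 1 if absent.
check_claude_code() {
  v=$(extract_version)
  [ -z "$v" ] && { echo "NOT_INSTALLED"; return 1; }
  if version_lt "$v" "$FIXED_VERSION"; then echo "VULNERABLE $v"; else echo "OK $v"; fi
}

# Constructed sample of `npm ls -g @anthropic-ai/claude-code --json` output (assumed shape).
SAMPLE_JSON='{"name":"host","dependencies":{"@anthropic-ai/claude-code":{"version":"1.0.104","resolved":"https://registry.npmjs.org/placeholder"}}}'

# Real use: npm ls -g @anthropic-ai/claude-code --json | check_claude_code
printf '%s' "$SAMPLE_JSON" | check_claude_code
```

Run the real pipeline once for the global install and once without `-g` in each project that depends on the package, since a local copy can lag behind the global one.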
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to update the @anthropic-ai/claude-code package to version 1.0.105 or later. Users with automatic updates should already have the fix applied. For those performing manual updates, upgrading to the latest version is strongly advised to prevent exploitation. Additionally, avoid allowing untrusted content to be injected into Claude Code context windows to reduce risk. [1]