CVE-2025-59041
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-10

Last updated on: 2025-10-22

Assigner: GitHub, Inc.

Description
Claude Code is an agentic coding tool. At startup, Claude Code executed a command templated in with `git config user.email`. Prior to version 1.0.105, a maliciously configured user email in git could be used to trigger arbitrary code execution before a user accepted the workspace trust dialog. Users on standard Claude Code auto-update will have received this fix automatically. Users performing manual updates are advised to update to version 1.0.105 or the latest version.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-10
Last Modified
2025-10-22
Generated
2026-05-07
AI Q&A
2025-09-10
EPSS Evaluated
2026-05-05
NVD
CVE-2025-59041
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
anthropic claude_code to 1.0.105 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-94 The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-59041 is a vulnerability in Claude Code versions prior to 1.0.105 where the software executes a command at startup that includes the output of `git config user.email` without proper sanitization. If an attacker sets a maliciously crafted git user email, they can inject and execute arbitrary code before the user accepts the workspace trust dialog. This happens because the input is not neutralized, allowing code injection. [1]


How can this vulnerability impact me? :

This vulnerability can lead to arbitrary code execution on your system without requiring any privileges, potentially compromising confidentiality, integrity, and availability of your system. An attacker can remotely exploit this by configuring a malicious git user email, and the code executes before the user accepts the workspace trust dialog, which could lead to unauthorized actions or system compromise. [1]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

You can detect this vulnerability by checking the version of the @anthropic-ai/claude-code package installed on your system. If the version is prior to 1.0.105, it is vulnerable. Additionally, inspect the git user email configuration for any suspicious or maliciously crafted values by running the command: `git config user.email`. If the email contains unusual characters or code, it may indicate an attempt to exploit this vulnerability. [1]


What immediate steps should I take to mitigate this vulnerability?

Immediately update the @anthropic-ai/claude-code package to version 1.0.105 or later. Users with standard auto-update enabled should already be patched. For manual updates, upgrade as soon as possible. Additionally, review and sanitize the git user email configuration to ensure it does not contain malicious code or characters. [1]


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart