CVE-2025-59536
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-03

Last updated on: 2025-10-23

Assigner: GitHub, Inc.

Description
Claude Code is an agentic coding tool. Versions before 1.0.111 were vulnerable to Code Injection due to a bug in the startup trust dialog implementation. Claude Code could be tricked to execute code contained in a project before the user accepted the startup trust dialog. Exploiting this requires a user to start Claude Code in an untrusted directory. Users on standard Claude Code auto-update will have received this fix automatically. Users performing manual updates are advised to update to the latest version. This issue is fixed in version 1.0.111.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-03
Last Modified
2025-10-23
Generated
2026-06-16
AI Q&A
2025-10-03
EPSS Evaluated
2026-06-14
NVD
CVE-2025-59536
EUVD
EUVD-2025-32507
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
anthropic claude_code to 1.0.111 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-94 The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a Code Injection issue in Claude Code versions before 1.0.111. Due to a bug in the startup trust dialog, Claude Code could be tricked into executing code contained in a project before the user accepted the trust dialog. This means that if a user starts Claude Code in an untrusted directory, malicious code could run without explicit user approval.

Impact Analysis

The vulnerability can lead to unauthorized code execution on your system if you open Claude Code in an untrusted directory. This could result in malicious actions being performed without your consent, potentially compromising your system's security and data integrity.

Mitigation Strategies

Update Claude Code to version 1.0.111 or later. Users who rely on standard Claude Code auto-update will have received this fix automatically. Users performing manual updates should update to the latest version to mitigate this vulnerability.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-59536. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart