CVE-2025-59829
BaseFortify

Publication date: 2025-10-03

Last updated on: 2025-10-24

Assigner: GitHub, Inc.

Description
Claude Code is an agentic coding tool. Versions below 1.0.120 failed to account for symlinks when checking permission deny rules. If a user explicitly denied Claude Code access to a file and Claude Code had access to a symlink pointing to that file, it was possible for Claude Code to access the file. Users on standard Claude Code auto-update will have received this fix automatically. Users performing manual updates are advised to update to the latest version. This issue is fixed in version 1.0.120.
Meta Information
Published: 2025-10-03
Last Modified: 2025-10-24
Generated: 2026-06-16
AI Q&A: 2025-10-03
EPSS Evaluated: 2026-06-15
Affected Vendors & Products
Showing 1 associated CPE
Vendor: anthropic
Product: claude_code
Version / Range: to 1.0.120 (exc)
CWE ID: CWE-61
Description: The product, when opening a file or directory, does not sufficiently account for when the file is a symbolic link that resolves to a target outside of the intended control sphere. This could allow an attacker to cause the product to operate on unauthorized files.
Executive Summary

Claude Code versions below 1.0.120 did not properly handle symbolic links (symlinks) when enforcing permission deny rules. This means that if a user denied Claude Code access to a file, but there was a symlink pointing to that file which Claude Code could access, the tool could still access the file through the symlink. This issue was fixed in version 1.0.120.
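
The failure mode described above, as an added example that is not Claude Code's code and not taken from the advisory: a deny-rule check that matches the requested path literally, next to one that resolves symlinks before matching. The function names and the temporary files are assumptions constructed for the demonstration.

```javascript
// Added illustration; not Claude Code's source. All names are hypothetical.
const fs = require("node:fs");
const os = require("node:os");
const path = require("node:path");

// True when p is the denied entry itself or lies beneath it.
const covers = (denied, p) => p === denied || p.startsWith(denied + path.sep);

// Flawed pattern: matches the path as requested, never following links.
function isDeniedNaive(requested, denyList) {
  const p = path.resolve(requested);
  return denyList.some((d) => covers(path.resolve(d), p));
}

// Canonicalize a deny entry; keep the lexical path if it does not exist yet.
function realOrLexical(p) {
  try { return fs.realpathSync(p); } catch { return path.resolve(p); }
}

// Hardened pattern: resolve symlinks on both sides before matching.
function isDeniedResolved(requested, denyList) {
  let real;
  try {
    real = fs.realpathSync(requested);
  } catch {
    return true; // fail closed on dangling links, loops, missing paths
  }
  return denyList.some((d) => covers(realOrLexical(d), real));
}

// Constructed scenario: a denied file plus an innocuously named symlink to it.
function demo() {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), "deny-demo-"));
  const secret = path.join(dir, "secret.env");
  const link = path.join(dir, "notes.txt");
  const other = path.join(dir, "readme.txt");
  fs.writeFileSync(secret, "TOKEN=constructed-sample\n");
  fs.writeFileSync(other, "hello\n");
  fs.symlinkSync(secret, link);
  const deny = [secret];
  const result = {
    naiveViaLink: isDeniedNaive(link, deny),       // false: rule bypassed
    resolvedViaLink: isDeniedResolved(link, deny), // true: rule enforced
    resolvedDirect: isDeniedResolved(secret, deny),
    resolvedOther: isDeniedResolved(other, deny),
  };
  fs.rmSync(dir, { recursive: true, force: true });
  return result;
}
```

After a check like this passes, the file should be opened through the resolved path that was checked, so that a link swapped in between the check and the open is not followed.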

Impact Analysis

This vulnerability could allow Claude Code to access files that a user explicitly denied it access to, by exploiting symlinks. This could lead to unauthorized access to sensitive files, potentially exposing private or confidential information.

Mitigation Strategies

Update Claude Code to version 1.0.120 or later. Users on standard Claude Code auto-update will have received this fix automatically. Users performing manual updates should update to the latest version to mitigate this vulnerability.
