CVE-2025-54794

High CVSS: 7.7

Claude Code is an agentic coding tool. In versions below 0.2.111, a path validation flaw using prefix matching instead of canonical path comparison, makes it possible to bypass directory restrictions and access files outside the CWD. Successful exploitation depends on the presence of (or ability to create) a directory with the same prefix as the CWD and the ability to add untrusted content into a Claude Code context window. This is fixed in version 0.2.111.

Vendor

Anthropic

Product

Claude Code

CWE

CWE-22

Yayın Tarihi

2025-08-05 01:15:41

Güncelleme

2025-10-27 18:01:20

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-22 Claude Code HIGH Anthropic 2025

Referanslar

https://github.com/anthropics/claude-code/security/advisories/GHSA-pmw4-pwvc-3hx2

Benzer Kayıtlar

Medium

CVE-2026-22561

Uncontrolled search path elements in Anthropic Claude for Windows installer (Claude Setup.exe) versions prior to 1.1.336…

High

CVE-2026-33068

Claude Code is an agentic coding tool. Versions prior to 2.1.53 resolved the permission mode from settings files, includ…

Low

CVE-2026-25724

Claude Code is an agentic coding tool. Prior to version 2.1.7, Claude Code failed to strictly enforce deny rules configu…

High

CVE-2026-25725

Claude Code is an agentic coding tool. Prior to version 2.1.2, Claude Code's bubblewrap sandboxing mechanism failed to p…

High

CVE-2026-25722

Claude Code is an agentic coding tool. Prior to version 2.0.57, Claude Code failed to properly validate directory change…

High

CVE-2026-25723

Claude Code is an agentic coding tool. Prior to version 2.0.55, Claude Code failed to properly validate commands using p…