CVE-2025-64755

High CVSS: 8.7

Claude Code is an agentic coding tool. Prior to version 2.0.31, due to an error in sed command parsing, it was possible to bypass the Claude Code read-only validation and write to arbitrary files on the host system. This issue has been patched in version 2.0.31.

Vendor

Anthropic

Product

Claude Code

CWE

CWE-78

Yayın Tarihi

2025-11-21 02:15:43

Güncelleme

2025-12-04 18:03:51

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-78 Claude Code HIGH Anthropic 2025

Referanslar

https://github.com/anthropics/claude-code/security/advisories/GHSA-7mv8-j34q-vp7q

Benzer Kayıtlar

Medium

CVE-2026-22561

Uncontrolled search path elements in Anthropic Claude for Windows installer (Claude Setup.exe) versions prior to 1.1.336…

High

CVE-2026-33068

Claude Code is an agentic coding tool. Versions prior to 2.1.53 resolved the permission mode from settings files, includ…

Low

CVE-2026-25724

Claude Code is an agentic coding tool. Prior to version 2.1.7, Claude Code failed to strictly enforce deny rules configu…

High

CVE-2026-25725

Claude Code is an agentic coding tool. Prior to version 2.1.2, Claude Code's bubblewrap sandboxing mechanism failed to p…

High

CVE-2026-25722

Claude Code is an agentic coding tool. Prior to version 2.0.57, Claude Code failed to properly validate directory change…

High

CVE-2026-25723

Claude Code is an agentic coding tool. Prior to version 2.0.55, Claude Code failed to properly validate commands using p…