CVE-2025-66032

High CVSS: 8.7

Claude Code is an agentic coding tool. Prior to 1.0.93, Due to errors in parsing shell commands related to $IFS and short CLI flags, it was possible to bypass the Claude Code read-only validation and trigger arbitrary code execution. Reliably exploiting this requires the ability to add untrusted content into a Claude Code context window. This vulnerability is fixed in 1.0.93.

Vendor

Anthropic

Product

Claude Code

CWE

CWE-77

Yayın Tarihi

2025-12-03 19:15:57

Güncelleme

2025-12-05 16:29:42

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-77 Claude Code HIGH Anthropic 2025

Referanslar

https://github.com/anthropics/claude-code/security/advisories/GHSA-xq4m-mc3c-vvg3

Benzer Kayıtlar

Medium

CVE-2026-22561

Uncontrolled search path elements in Anthropic Claude for Windows installer (Claude Setup.exe) versions prior to 1.1.336…

High

CVE-2026-33068

Claude Code is an agentic coding tool. Versions prior to 2.1.53 resolved the permission mode from settings files, includ…

Low

CVE-2026-25724

Claude Code is an agentic coding tool. Prior to version 2.1.7, Claude Code failed to strictly enforce deny rules configu…

High

CVE-2026-25725

Claude Code is an agentic coding tool. Prior to version 2.1.2, Claude Code's bubblewrap sandboxing mechanism failed to p…

High

CVE-2026-25722

Claude Code is an agentic coding tool. Prior to version 2.0.57, Claude Code failed to properly validate directory change…

High

CVE-2026-25723

Claude Code is an agentic coding tool. Prior to version 2.0.55, Claude Code failed to properly validate commands using p…