PT-2025-33516 · Anthropic · Claude-Code
Wunderwuzzi23
Published: 2025-08-16 · Updated: 2026-03-31
CVE-2025-55284
CVSS v3.1: 7.5 (High)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
Claude Code versions prior to 1.0.4
Claude Code versions prior to 1.0.24
Description:
Claude Code is an agentic coding tool. Prior to version 1.0.4, it’s possible to bypass the confirmation prompts to read a file and then send file contents over the network without user confirmation due to an overly broad allowlist of safe commands. Reliably exploiting this requires the ability to add untrusted content into a Claude Code context window.
Recommendations:
Update to version 1.0.4 or later.
Update to version 1.0.24 or later.
Exploit
Fix
OS Command Injection
Weakness Enumeration
Related Identifiers
Affected Products
Claude-Code