PT-2025-37056 · Anthropic · Claude-Code

CVE-2025-59041

·

Publicado

2025-09-10

·

Atualizado

2025-09-11

CVSS v3.1

9.8

Crítica

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Claude Code versions prior to 1.0.105
Description: Claude Code is an agentic coding tool. At startup, Claude Code executed a command templated in with git config user.email. Prior to version 1.0.105, a maliciously configured user email in git could be used to trigger arbitrary code execution before a user accepted the workspace trust dialog.
Recommendations: Update to version 1.0.105 or the latest version.

Exploit

Correção

OS Command Injection

Code Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

Enumeração de Fraquezas

Identificadores relacionados

CVE-2025-59041
GHSA-J4H9-WV2M-WRF7

Produtos afetados

Claude-Code