Elad Beber

**Name of the Vulnerable Software and Affected Versions** Windows Admin Center (affected versions not specified) **Description** Improper neutralization of input during web page generation leads to cross-site scripting (XSS), which is a flaw where malicious scripts are injected into trusted websites. An unauthorized attacker can craft a malicious gateway URL that triggers a response-based XSS within the error handling of the software. When visited by a privileged Azure administrator, this allows JavaScript execution under the software origin. This can lead to arbitrary PowerShell execution on every managed server the victim has access to without requiring credentials. In on-premises deployments, this chain enables the theft of Azure access and refresh tokens from local storage, allowing for full tenant impersonation and lateral movement into EntraID and Azure. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows Admin Center versions prior to 0.70.00 **Description** Improper verification of cryptographic signatures in the Azure AD SSO implementation of Windows Admin Center allows an authorized attacker with local administrator access on a machine to bypass authentication and authorization mechanisms. The issue stems from the improper validation of Proof-of-Possession (PoP) tokens, where a stolen admin access token can be mixed with a forged PoP token to impersonate privileged users. This can lead to local privilege escalation, lateral movement across the entire tenant, and tenant-wide remote code execution (RCE). The exploitation involves sending a specially crafted HTTPS request. **Recommendations** Update Windows Admin Center Azure Extension to version 0.70.00 or later.

**Name of the Vulnerable Software and Affected Versions** Claude Code versions prior to 0.2.111 **Description** Claude Code is an agentic coding tool affected by a path validation issue. This flaw uses prefix matching instead of canonical path comparison, allowing bypass of directory restrictions and access to files outside the current working directory (CWD). Successful exploitation requires the presence of, or the ability to create, a directory with the same prefix as the CWD and the ability to add untrusted content into a Claude Code context window. Reports indicate this issue was exploited as a prompt injection flaw. **Recommendations** Update Claude Code to version 0.2.111 or later.

**Name of the Vulnerable Software and Affected Versions** Claude Code versions prior to 1.0.20 Claude Code versions prior to 1.0.24 **Description** Claude Code is an agentic coding tool. An error in command parsing allows bypassing the confirmation prompt, leading to the execution of untrusted commands. Successful exploitation requires the ability to inject untrusted content into a Claude Code context window. This issue affects versions prior to 1.0.20 and 1.0.24. The vulnerability allows a remote attacker to impact confidentiality and execute arbitrary commands. **Recommendations** Update to version 1.0.20 or later. Update to version 1.0.24 or later.

Name of the Vulnerable Software and Affected Versions: Filesystem versions prior to 0.6.3 Filesystem version 2025.7.1 and earlier Description: The issue allows access to unintended files when the prefix matches an allowed directory. Users can resolve the issue by upgrading to version 2025.7.1. Recommendations: For versions prior to 0.6.3, update to version 2025.7.1 to prevent unauthorized file access. For version 2025.7.1 and earlier, update to version 2025.7.1 to resolve the issue.