Ethan-Yang-Opcia

**Name of the Vulnerable Software and Affected Versions** Cloud CLI (aka Claude Code UI) versions prior to 1.25.0 **Description** Cloud CLI, a desktop and mobile UI for Claude Code, Cursor CLI, Codex, and Gemini-CLI, contains a flaw due to OS Command Injection via WebSocket Shell. The `projectPath` and `initialCommand` parameters in the `server/index.js` file are directly incorporated into a bash command string without proper sanitization, allowing for arbitrary OS command execution. A further injection point exists through the unsanitized `sessionId`. This issue allows unauthenticated remote code execution on any instance running with the default configuration. The root cause is the insecure default JWT secret combined with a WebSocket authentication function that bypasses database user validation. The vulnerability allows full OS command execution, file system access, credential theft, and potential lateral movement within the network. The `projectPath` parameter is also susceptible to double-quote escape injection. **Recommendations** Versions prior to 1.25.0 should be updated to version 1.25.0 or later. Enforce an explicit `JWT SECRET` environment variable and remove the insecure default value. Add a database user existence check in the WebSocket authentication process. Replace shell string interpolation with a spawn argument array.