CVE-2025-54794

CVSS v3.1

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions Claude Code versions prior to 0.2.111 Claude Code versions prior to 1.0.24

Description Claude Code contains a path validation flaw where prefix matching is used instead of canonical path comparison. This allows bypassing directory restrictions and accessing files outside the current working directory (CWD). Successful exploitation requires the presence of, or the ability to create, a directory with the same prefix as the CWD and the ability to add untrusted content into a Claude Code context window.

Recommendations Update to version 0.2.111 or later. Update to version 1.0.24 or later.

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

BDU:2025-13141

CVE-2025-54794

GHSA-PMW4-PWVC-3HX2

Affected Products

Claude-Code

CVE-2025-54794

Weakness Enumeration

Related Identifiers

Affected Products

References · 19