CVE-2025-54795

CVSS v3.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Claude Code versions prior to 1.0.20 Claude Code versions prior to 1.0.24

Description Claude Code is an agentic coding tool. An error in command parsing allows bypassing the confirmation prompt, leading to the execution of untrusted commands. Successful exploitation requires the ability to inject untrusted content into a Claude Code context window. This issue affects versions prior to 1.0.20 and 1.0.24. The vulnerability allows a remote attacker to impact confidentiality and execute arbitrary commands.

Recommendations Update to version 1.0.20 or later. Update to version 1.0.24 or later.

Exploit

Fix

RCE

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

BDU:2025-13142

CVE-2025-54795

GHSA-X56V-X2H6-7J34

Affected Products

Claude-Code

CVE-2025-54795

Weakness Enumeration

Related Identifiers

Affected Products

References · 29