PT-2025-31848 · Anthropic · Filesystem Mcp Server+1

Published: 2025-08-02 · Updated: 2025-08-04 · CVE-2025-547954

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

Claude (affected versions not specified)

Description

The Claude code exhibits vulnerabilities related to path validation. The system is generally scoped to a current working directory and requests user consent when accessing unfamiliar files or executing commands outside of a predefined set. While dangerous commands are typically blocked or require explicit user confirmation, a prefix-based path validation flaw allows containment bypass, similar to a previously demonstrated issue in Anthropic’s Filesystem MCP Server.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
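
The class of flaw named in the description, prefix-based path validation, is shown below as an added example; it is not code from Anthropic or from this advisory. It sets a string-prefix containment check beside a component-boundary check so the difference can be used as a regression test. All function names and paths are constructed for illustration.

```javascript
// Added illustration: function names and all paths are constructed, not taken from any product.
const path = require("node:path").posix; // POSIX rules so results match on any host OS

// Flawed pattern: containment decided by a raw string-prefix comparison.
function isInsidePrefixOnly(allowedDir, requested) {
  const base = path.resolve(allowedDir);
  return path.resolve(base, requested).startsWith(base);
}

// Hardened pattern: normalise both paths, then compare on path-component boundaries.
// This is a lexical check only; where symlinks may exist, canonicalise with
// fs.realpath first and run the same comparison on the results.
function isInsideStrict(allowedDir, requested) {
  const base = path.resolve(allowedDir);
  const rel = path.relative(base, path.resolve(base, requested));
  if (rel === "") return true; // the allowed directory itself
  if (rel === ".." || rel.startsWith(".." + path.sep)) return false; // climbs out of base
  return !path.isAbsolute(rel);
}

// Regression helper: return the inputs on which the two checks disagree.
function disagreements(allowedDir, candidates) {
  return candidates.filter(
    (p) => isInsidePrefixOnly(allowedDir, p) !== isInsideStrict(allowedDir, p)
  );
}

// Constructed sample inputs.
const ALLOWED = "/home/user/project";
const SAMPLES = [
  "/home/user/project",
  "/home/user/project/src/app.js",
  "/home/user/project/../other/notes.txt",
  "/home/user/project_backup/secrets.txt", // sibling directory sharing the prefix
  "/home/user/project/..cache/index", // legitimate name that merely starts with ".."
];

for (const p of SAMPLES) {
  console.log(p, "prefix-only:", isInsidePrefixOnly(ALLOWED, p), "strict:", isInsideStrict(ALLOWED, p));
}
console.log("checks disagree on:", disagreements(ALLOWED, SAMPLES));
```

Any path returned by `disagreements` is one that a prefix-only check would treat as inside the allowed directory although it lies outside it.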

OS Command Injection

Weakness Enumeration

Related Identifiers

BDU:2025-13142
CVE-2025-547954

Affected Products

Claude
Filesystem Mcp Server