PT-2025-33516 · Anthropic · Claude-Code
Wunderwuzzi23
·
Published
2025-08-16
·
Updated
2026-03-31
·
CVE-2025-55284
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
Claude Code versions prior to 1.0.4
Claude Code versions prior to 1.0.24
Description:
Claude Code is an agentic coding tool. Prior to version 1.0.4, it’s possible to bypass the confirmation prompts to read a file and then send file contents over the network without user confirmation due to an overly broad allowlist of safe commands. Reliably exploiting this requires the ability to add untrusted content into a Claude Code context window.
Recommendations:
Update to version 1.0.4 or later.
Update to version 1.0.24 or later.
Exploit
Fix
OS Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Claude-Code