PT-2025-40458 · Anthropic · Claude-Code

·

CVE-2025-59536

·

Published

2025-10-03

·

Updated

2026-07-15

CVSS v3.1

8.8

High

VectorAV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Claude Code versions prior to 1.0.111
Description Claude Code is an agentic coding tool that contains a bug in the startup trust dialog implementation. This flaw allows for code injection, where the tool can be tricked into executing code contained within a project before the user has accepted the startup trust dialog. Successful exploitation requires a user to start the tool in an untrusted directory.
Recommendations Update to version 1.0.111 or later.

Exploit

Fix

RCE

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2025-59536
GHSA-4FGQ-FPQ9-MR3G

Affected Products

Claude-Code