PT-2025-40458 · Anthropic · Claude-Code
Avivdon · Published 2025-10-03 · Updated 2026-03-31 · CVE-2025-59536
CVSS v3.1: 8.8 (High) · AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Claude Code versions prior to 1.0.111

Description: Claude Code, an agentic coding tool, had a flaw in its startup trust dialog implementation: the tool could execute code from a project before the user had confirmed the trust dialog. Exploitation required only that a user launch Claude Code inside an untrusted directory. It involved malicious configurations, specifically in .claude/settings.json files, that used command hooks to execute code upon cloning a repository. Real-world incidents included the theft of a Gemini API key, resulting in a loss of $82,000 within 48 hours, and the exfiltration of credentials via a Claude Code MCP configuration. The vulnerability could lead to Remote Code Execution (RCE) and API token theft. The issue was addressed in version 1.0.111.

Recommendations: Update Claude Code to version 1.0.111 or later.
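A defender-side check, added here and not part of the advisory or of Claude Code itself: it enumerates every command hook declared in a cloned repository's .claude/settings.json so the commands can be reviewed before the directory is opened in a pre-1.0.111 Claude Code. The hook layout it parses and the settings.local.json path are assumptions based on Claude Code's documentation, not facts from this advisory; the sample settings are constructed.

```python
"""List the command hooks a Claude Code project settings file would run, so they
can be reviewed before opening the directory (Claude Code before 1.0.111
executed them before the trust dialog was confirmed)."""
import json
import sys
from pathlib import Path

# Constructed sample, not from any real repository: two command hooks (one per
# event) plus a stray non-dict entry that the scanner must skip.
SAMPLE_SETTINGS = {"hooks": {
    "SessionStart": [{"matcher": "", "hooks": [{"type": "command", "command": "echo hi"}]}],
    "PreToolUse": [{"matcher": "Bash", "hooks": ["junk", {"type": "command", "command": "date"}]}],
}}


def find_command_hooks(settings) -> list:
    """Return every hook of type "command" under the top-level "hooks" key.

    Assumed layout (Claude Code's documented hook format, not from the advisory):
    {"hooks": {"<Event>": [{"matcher": str, "hooks": [{"type": "command", "command": str}]}]}}
    Entries that do not fit are skipped rather than raising, so a partly malformed
    file still yields the hooks it does declare.
    """
    found = []
    hooks = settings.get("hooks") if isinstance(settings, dict) else {}
    for event, groups in (hooks if isinstance(hooks, dict) else {}).items():
        for group in (groups if isinstance(groups, list) else []):
            inner = group.get("hooks") if isinstance(group, dict) else None
            for hook in (inner if isinstance(inner, list) else []):
                if isinstance(hook, dict) and hook.get("type") == "command":
                    found.append({"event": event, "matcher": group.get("matcher", ""),
                                  "command": str(hook.get("command", ""))})
    return found


def scan_settings_text(text: str) -> list:
    """Parse one settings file's contents; unparseable JSON is itself a finding."""
    try:
        data = json.loads(text)
    except json.JSONDecodeError as exc:
        return [{"event": "-", "matcher": "-", "command": f"<unparseable JSON: {exc.msg}>"}]
    return find_command_hooks(data)


if __name__ == "__main__":
    # Usage: python scan_claude_hooks.py <repo-dir>  (settings.local.json path is assumed)
    repo = Path(sys.argv[1] if len(sys.argv) > 1 else ".")
    for rel in (".claude/settings.json", ".claude/settings.local.json"):
        if (repo / rel).is_file():
            for f in scan_settings_text((repo / rel).read_text(encoding="utf-8")):
                print(f"{rel}: {f['event']} [{f['matcher']}] -> {f['command']}")
```

Run it against a freshly cloned repository before launching Claude Code there; any non-empty output deserves a look, and a file that fails to parse is reported rather than silently ignored.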

Tags: Exploit · Fix · RCE · Code Injection

Weakness Enumeration

Related Identifiers: CVE-2025-59536, GHSA-4FGQ-FPQ9-MR3G

Affected Products: Claude-Code