PT-2025-47656 · Anthropic · Claude-Code

Published: 2025-11-21 · Updated: 2026-01-08 · CVE-2025-64755

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Claude Code versions prior to 2.0.31
Description: Claude Code is an agentic coding tool that had a critical remote code execution issue. Prior to version 2.0.31, an error in sed command parsing allowed the read-only validation to be bypassed, enabling writes to arbitrary files on the host system. The bypass came from a flaw in the regex validation of sed commands, which failed to account for the absence of a space between the command and the file path. An attacker could deliver malicious prompts through Git repositories, web pages, or MCP servers, leading to execution of arbitrary code via modification of shell startup files such as .zshenv, .bashrc, or .profile. The issue was triggered when Claude Code interpreted these injected instructions as commands from the user. The vulnerability could be exploited to gain persistence on the system by modifying shell configuration files, which are executed whenever a terminal is opened or an SSH connection is made.
Recommendations: Update Claude Code to version 2.0.31 or later.
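The mitigation side of the flaw described above, as an added example that is not Claude Code's own code (the project's actual validator and regex are not on this page): instead of matching the raw command line against a regex that expects a space after each flag, this checker tokenizes the argv with shlex, rejects every spelling of an in-place edit or script-file option by prefix, and scans the sed script itself for the commands that write or execute. The function names, the option sets and the sample command lines in the test are assumptions chosen for the example; the sed semantics it relies on (`-i`/`--in-place`, `-f`, the `w`, `W` and `e` commands, the `w` and `e` flags of `s///`, and GNU sed's `--sandbox`) are standard.

```python
"""Read-only validator for sed invocations (added example, not Claude Code's own code).

Tokenizes argv with shlex so a flag glued to its argument (-i.bak, --in-place=.orig)
is still one option token and is rejected by prefix, the case a space-sensitive
regex misses. Conservative by design: anything it cannot parse is treated as a write.
"""
import shlex

SAFE_SHORT = set("nrEszu")          # argument-less flags that cannot write (assumed allowlist)
SAFE_LONG = {"--quiet", "--silent", "--regexp-extended", "--separate",
             "--null-data", "--unbuffered", "--posix", "--sandbox", "--debug"}


def _skip_delimited(script, i, delim):
    """Return the index just past the next unescaped `delim` (or len(script))."""
    while i < len(script):
        if script[i] == "\\":
            i += 2
        elif script[i] == delim:
            return i + 1
        else:
            i += 1
    return len(script)


def _skip_address(script, i):
    """Skip addresses (N, $, first~step, /re/, \\cREc), ',', '!' and whitespace."""
    while i < len(script):
        ch = script[i]
        if ch.isdigit() or ch in "$,~!" or ch.isspace():
            i += 1
        elif ch == "/":
            i = _skip_delimited(script, i + 1, "/")
        elif ch == "\\" and i + 1 < len(script):
            i = _skip_delimited(script, i + 2, script[i + 1])
        else:
            break
    return i


def script_can_write(script):
    """True if the script contains w, W, e, or an s/// carrying the w or e flag."""
    i, n = 0, len(script)
    while i < n:
        i = _skip_address(script, i)
        if i >= n:
            break
        cmd, i = script[i], i + 1
        if cmd in "wWe":
            return True
        if cmd in "sy":
            delim = script[i] if i < n else "/"
            i = _skip_delimited(script, i + 1, delim)   # pattern
            i = _skip_delimited(script, i, delim)       # replacement
            while i < n and script[i] not in ";}\n":    # flags
                if cmd == "s" and script[i] in "we":
                    return True
                i += 1
        elif cmd in ":btT":                             # label runs to ';' or newline
            while i < n and script[i] not in ";\n":
                i += 1
        elif cmd in "aic#":                             # one-line text or comment
            while i < n and script[i] != "\n":
                i += 1
    return False


def sed_is_read_only(command_line):
    """True only if a single sed invocation is proven not to write or execute."""
    try:
        argv = shlex.split(command_line)
    except ValueError:
        return False                                    # unbalanced quotes: fail closed
    if not argv or argv[0].rsplit("/", 1)[-1] != "sed":
        return False
    scripts, positional, i = [], [], 1
    while i < len(argv):
        tok = argv[i]
        i += 1
        if tok == "--":
            positional += argv[i:]
            break
        if tok.startswith("--"):
            name, _, value = tok.partition("=")
            if name == "--expression":
                scripts.append(value or (argv[i] if i < len(argv) else ""))
                i += 0 if value else 1
            elif name not in SAFE_LONG:
                return False                            # --in-place, --file, unknown
        elif tok.startswith("-") and len(tok) > 1:      # short option cluster
            j = 1
            while j < len(tok):
                c = tok[j]
                if c in SAFE_SHORT:
                    j += 1
                elif c in "el":                         # -e/-l take the rest of the token or the next
                    arg = tok[j + 1:] or (argv[i] if i < len(argv) else "")
                    if not tok[j + 1:]:
                        i += 1
                    if c == "e":
                        scripts.append(arg)
                    break
                else:
                    return False                        # -i in any spelling, -f, unknown
        else:
            positional.append(tok)
    if not scripts:
        if not positional:
            return False
        scripts.append(positional[0])                   # first operand is the script
    return not any(script_can_write(s) for s in scripts)
```

The checker validates one sed argv; a pipeline or compound shell command has to be split into simple commands first, and anything that is not a bare sed invocation is rejected. Because unknown options and script files are treated as writes, it produces false rejections rather than false approvals, which is the right trade-off for an allowlist that gates file access. At execution time, GNU sed's `--sandbox` option (which refuses the `e`, `w` and `r` commands) is a cheap second layer that does not depend on the parser being complete.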

Exploit · Fix · LPE · RCE · OS Command Injection

Weakness Enumeration

Related Identifiers: CVE-2025-64755 · GHSA-7MV8-J34Q-VP7Q

Affected Products: Claude-Code