PT-2025-48978 · Anthropic · Claude-Code

Published 2025-12-03 · Updated 2026-01-13 · CVE-2025-66032

CVSS v3.1: 9.8
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Claude Code versions prior to 1.0.93

Description: Claude Code is an agentic coding tool. Prior to version 1.0.93, errors in parsing shell commands related to $IFS and short CLI flags allowed bypassing the read-only validation, potentially leading to arbitrary code execution. Successful exploitation requires the ability to inject untrusted content into a Claude Code context window.

Recommendations: Update to version 1.0.93 or later.

Fix · RCE · Command Injection

Weakness Enumeration

Related Identifiers: CVE-2025-66032

Affected Products: Claude-Code