CVE-2025-58764 – Claude Code rg command had Command Injection that allowed bypass of user approval prompt for command execution
CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 0
https://notcve.org/view.php?id=CVE-2025-58764
10 Sep 2025 — Claude Code is an agentic coding tool. Due to an error in command parsing, versions prior to 1.0.105 were vulnerable to a bypass of the Claude Code confirmation prompt to trigger execution of an untrusted command. Reliably exploiting this requires the ability to add untrusted content into a Claude Code context window. Users on standard Claude Code auto-update will have received this fix automatically. Users performing manual updates are advised to update to version 1.0.105 or the latest version.
• https://github.com/anthropics/claude-code/security/advisories/GHSA-qxfv-fcpc-w36x
• CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2025-55284 – Claude Code's Permissive Default Allowlist Enables Unauthorized File Read and Network Exfiltration in Claude Code
CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 0
https://notcve.org/view.php?id=CVE-2025-55284
16 Aug 2025 — Claude Code is an agentic coding tool. Prior to version 1.0.4, it's possible to bypass the Claude Code confirmation prompts to read a file and then send file contents over the network without user confirmation due to an overly broad allowlist of safe commands. Reliably exploiting this requires the ability to add untrusted content into a Claude Code context window. Users on standard Claude Code auto-update received this fix automatically after release. Current users of Claude Code are unaffected, as versions...
• https://github.com/anthropics/claude-code/security/advisories/GHSA-x5gv-jw7f-j6xj
• CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-54794 – Claude Code Research Preview has a Path Restriction Bypass which could allow unauthorized file access
CVSS: 9.1 | EPSS: 0% | CPEs: 1 | EXPL: 0
https://notcve.org/view.php?id=CVE-2025-54794
05 Aug 2025 — Claude Code is an agentic coding tool. In versions below 0.2.111, a path validation flaw using prefix matching instead of canonical path comparison makes it possible to bypass directory restrictions and access files outside the CWD. Successful exploitation depends on the presence of (or ability to create) a directory with the same prefix as the CWD and the ability to add untrusted content into a Claude Code context window. This is fixed in version 0.2.111.
• https://github.com/anthropics/claude-code/security/advisories/GHSA-pmw4-pwvc-3hx2
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2025-54795 – Claude Code echo command allowed bypass of user approval prompt for command execution
CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 0
https://notcve.org/view.php?id=CVE-2025-54795
05 Aug 2025 — Claude Code is an agentic coding tool. In versions below 1.0.20, an error in command parsing makes it possible to bypass the Claude Code confirmation prompt to trigger execution of an untrusted command. Reliably exploiting this requires the ability to add untrusted content into a Claude Code context window. This is fixed in version 1.0.20.
• https://github.com/anthropics/claude-code/security/advisories/GHSA-x56v-x2h6-7j34
• CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-52882 – Claude Code IDE extensions allow websocket connections from arbitrary origins
CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 0
https://notcve.org/view.php?id=CVE-2025-52882
24 Jun 2025 — Claude Code is an agentic coding tool. Claude Code extensions in VSCode and forks (e.g., Cursor, Windsurf, and VSCodium) and JetBrains IDEs (e.g., IntelliJ, PyCharm, and Android Studio) are vulnerable to unauthorized websocket connections from an attacker when visiting attacker-controlled webpages. Claude Code for VSCode IDE extensions versions 0.2.116 through 1.0.23 are vulnerable. For JetBrains IDE plugins, Claude Code [beta] versions 0.1.1 through 0.1.8 are vulnerable. In VSCode (and forks), exploitation...
• https://github.com/anthropics/claude-code/security/advisories/GHSA-9f65-56v6-gxw7
• CWE-1385: Missing Origin Validation in WebSockets
