CVE-2025-54795OS Command Injection in Claude-code

CWE-78OS Command Injection5 documents4 sources
Severity
8.7HIGHNVD
EPSS
0.1%
top 72.36%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Anthropics Claude-codeAnthropic Claude CodeAnthropic-ai Claude-code
Timeline
PublishedAug 5
Latest updateOct 22

Description

Claude Code is an agentic coding tool. In versions below 1.0.20, an error in command parsing makes it possible to bypass the Claude Code confirmation prompt to trigger execution of an untrusted command. Reliably exploiting this requires the ability to add untrusted content into a Claude Code context window. This is fixed in version 1.0.20.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages3 packages

NVDanthropic/claude_code< 1.0.20
CVEListV5anthropics/claude-code< 1.0.20

🔴Vulnerability Details

2
GHSA
Claude Code echo command allowed bypass of user approval prompt for command execution2025-08-04
OSV
Claude Code echo command allowed bypass of user approval prompt for command execution2025-08-04

🕵️Threat Intelligence

2
Trailofbits
Prompt injection to RCE in AI agents2025-10-22
Trailofbits
Prompt injection to RCE in AI agents2025-10-22