CVE-2025-59536Code Injection in Claude-code

CWE-94Code Injection4 documents4 sources
Severity
8.7HIGHNVD
EPSS
0.0%
top 92.97%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Anthropics Claude-codeAnthropic Claude CodeAnthropic-ai Claude-code
Timeline
PublishedOct 3
Latest updateApr 1

Description

Claude Code is an agentic coding tool. Versions before 1.0.111 were vulnerable to Code Injection due to a bug in the startup trust dialog implementation. Claude Code could be tricked to execute code contained in a project before the user accepted the startup trust dialog. Exploiting this requires a user to start Claude Code in an untrusted directory. Users on standard Claude Code auto-update will have received this fix automatically. Users performing manual updates are advised to update to the l

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages3 packages

NVDanthropic/claude_code< 1.0.111
CVEListV5anthropics/claude-code< 1.0.111

🔴Vulnerability Details

2
OSV
Claude Code can execute commands prior to the startup trust dialog2025-10-03
GHSA
Claude Code can execute commands prior to the startup trust dialog2025-10-03

🕵️Threat Intelligence

1
Zscaler
Anthropic Claude Code Leak | ThreatLabz2026-04-01