CVE-2025-65099 — Code Injection in Claude-code

CWE-94 — Code Injection3 documents3 sources

Severity

7.7HIGHNVD

EPSS

0.1%

top 77.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Anthropics Claude-code Anthropic Claude Code Anthropic-ai Claude-code

Timeline

PublishedNov 19

Description

Claude Code is an agentic coding tool. Prior to version 1.0.39, when running on a machine with Yarn 3.0 or above, Claude Code could have been tricked to execute code contained in a project via yarn plugins before the user accepted the startup trust dialog. Exploiting this would have required a user to start Claude Code in an untrusted directory and to be using Yarn 3.0 or above. This issue has been patched in version 1.0.39.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages3 packages

▶NVDanthropic/claude_code< 1.0.39

▶CVEListV5anthropics/claude-code< 1.0.39

▶npmanthropic-ai/claude-code< 1.0.39

🔴Vulnerability Details

GHSA

Claude Code vulnerable to command execution prior to startup trust dialog↗2025-11-19

▶

OSV

Claude Code vulnerable to command execution prior to startup trust dialog↗2025-11-19

▶