WebSocket Vulnerability in Claude Code for VSCode and JetBrains IDEs
CVE-2025-52882

8.8HIGH

Key Information:

Vendor: Anthropics
Status: Claude-code
Vendor: CVE Published:; 24 June 2025

What is CVE-2025-52882?

Claude Code, a coding tool available as extensions for VSCode and JetBrains IDEs, has a vulnerability that allows unauthorized WebSocket connections. When users visit malicious websites, attackers can exploit this flaw to gain access to sensitive information, such as file lists and diagnostic data, or even execute code in certain cases. Users of Claude Code in VSCode and JetBrains are encouraged to update or uninstall older versions of the extensions to mitigate this risk.

Affected Version(s)

claude-code >= 0.2.116 < 1.0.24

References

https://github.com/anthropics/claude-code/security/adviso...

x_refsource_CONFIRM

CVSS V4

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 24, 2025
Vulnerability Reserved
Jun 20, 2025

Anthropics

What is CVE-2025-52882?

Affected Version(s)

References

CVSS V4

Timeline