File Reading Vulnerability in Claude Code by Anthropic
CVE-2025-55284
What is CVE-2025-55284?
CVE-2025-55284 is a vulnerability identified within the Claude Code software developed by Anthropic, a tool designed to assist developers through its coding capabilities. The vulnerability, which exists in versions prior to 1.0.4, allows for the circumvention of confirmation prompts, enabling an unauthorized entity to read files and transmit their contents over the network without the user's consent. This occurs due to an excessively permissive allowlist that includes safe commands. The risk associated with this flaw is pronounced, particularly if an attacker can inject untrusted content into a Claude Code context window, thereby enabling them to exploit the vulnerability effectively. This poses serious risks for organizations that rely on Claude Code for their development workflows, potentially compromising sensitive data and disrupting operations.
Potential Impact of CVE-2025-55284
-
Data Disclosure: The primary concern is the unauthorized access to sensitive files that could contain confidential or proprietary information. This can lead to significant data breaches, impacting an organization's reputation and legal standing.
-
Operational Disruption: By exploiting this vulnerability, an attacker could disrupt coding operations, as the ability to manipulate or read files can interfere with development processes, slowing down productivity and affecting project timelines.
-
Network Security Risks: The vulnerability also opens up avenues for further exploitation within the network. Once malicious actors have access to file contents, they can leverage this information to launch additional attacks, potentially leading to a wider compromise of the organization’s IT infrastructure.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
claude-code < 1.0.4