Code Injection Vulnerability in Claude Code by Anthropic
CVE-2025-59536

8.7HIGH

Key Information:

Vendor

Anthropics

Status
Claude-code
Vendor
CVE Published:
3 October 2025

Badges

πŸ”₯ Trending nowπŸ₯‡ Trended No. 1πŸ“ˆ TrendedπŸ“ˆ Score: 7,320πŸ‘Ύ Exploit ExistsπŸ“° News Worthy

What is CVE-2025-59536?

CVE-2025-59536 is a code injection vulnerability present in Claude Code, an intelligent coding tool developed by Anthropic. This product allows users to create and manage code projects with enhanced coding capabilities. The vulnerability arises from a flaw in the startup trust dialog, which fails to adequately verify the source of code prior to execution. As a result, an attacker could exploit this vulnerability by tricking Claude Code into running malicious code embedded in a project, especially if initiated from an untrusted directory. The implications of such an exploitation could be dire, potentially compromising sensitive information, disrupting business operations, or leading to further infiltration of an organization’s network. This flaw has been addressed in version 1.0.111, which users are encouraged to upgrade to for safeguarding against the associated risks.

Potential impact of CVE-2025-59536

  1. Unauthorized Code Execution: The primary risk associated with CVE-2025-59536 is that it allows for the execution of arbitrary code. If exploited, this can lead to unauthorized access to systems and data, providing attackers with the ability to manipulate or compromise organizational assets.

  2. Data Breaches: Through code injection, attackers could gain access to sensitive information, potentially resulting in data breaches. The loss or exposure of proprietary or confidential data could have severe implications, including legal repercussions and loss of customer trust.

  3. Operational Disruption: The ability to execute malicious code could disrupt normal operations, leading to downtime or operational inefficiencies. This could impact business continuity and incur significant costs related to recovery and remediation efforts.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

claude-code < 1.0.111

News Articles

favicon imageDark Reading

Flaws in Claude Code Put Developers' Machines at Risk

The vulnerabilities highlight a big drawback to integrating AI into software development workflows and the potential impact on supply chains.

3 days ago

favicon imageThe Hacker News

Claude Code Flaws Allow Remote Code Execution and API Key Exfiltration

Claude Code flaws allow remote code execution and API key theft via untrusted repositories; three bugs fixed across 2025–2026 releases.

3 days ago

References

https://github.com/anthropics/claude-code/security/adviso...
x_refsource_CONFIRM

CVSS V4

Score:
8.7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • πŸ₯‡

    Vulnerability reached the number 1 worldwide trending spot

  • πŸ“ˆ

    Vulnerability started trending

  • πŸ‘Ύ

    Exploit known to exist

  • πŸ“°

    First article discovered by The Hacker News

  • Vulnerability published

  • Vulnerability Reserved

JSON
.