Directory Trust Bypass in Claude Code Affected by Yarn Integration
CVE-2025-59828
7.7HIGH
What is CVE-2025-59828?
Claude Code, an advanced coding tool, has a vulnerability that allows Yarn plugins to be auto-executed when checking the Yarn version, prior to user consent on working in untrusted directories. This issue affects versions before 1.0.39 and poses significant security risks. Users running Yarn Classic remain unaffected. The vulnerability has been addressed and users are encouraged to update to the latest version to ensure their security.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
claude-code < 1.0.39
References
CVSS V4
Score:
7.7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
Unknown
Timeline
Vulnerability published
Vulnerability Reserved
