File Write Vulnerability in Claude Code by Anthropic
CVE-2025-64755

8.7 HIGH

Key Information:

Vendor: Anthropics

CVE Published: 21 November 2025

Badges

📈 Trended
📈 Score: 6,550

What is CVE-2025-64755?

CVE-2025-64755 is a vulnerability found in Claude Code, an intelligent coding assistant developed by Anthropic. This tool leverages artificial intelligence to aid developers in writing and optimizing code. The vulnerability arises from a flaw in the parsing of the sed command, which allowed adversaries to bypass the intended read-only validation. Consequently, this could enable unauthorized file write capabilities on the host system, jeopardizing the integrity of both the software and the surrounding environment. With the ability to manipulate files, an attacker could potentially alter application behavior, corrupt data, or introduce malicious content, which poses significant risks for organizations relying on this coding tool.

Potential impact of CVE-2025-64755

  1. Unauthorized File Manipulation: The vulnerability allows attackers to write to arbitrary files, potentially leading to data corruption or the introduction of harmful data. This can result in significant operational disruptions.

  2. Compromise of System Integrity: With the ability to manipulate system files, attackers could modify critical application configurations or settings, leading to unauthorized behavior and affecting the overall security posture of the organization.

  3. Exploitation Risks: Although there is currently no known exploitation in the wild, the nature of this vulnerability can attract threat actors seeking to gain control over affected systems, increasing the exposure to additional attacks or ransomware deployment.

Affected Version(s)

claude-code < 2.0.31

CVSS V4

Score: 8.7
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • 📈 Vulnerability started trending

  • Vulnerability published

  • Vulnerability Reserved
