cvedb.io
CVE-2025-54795
CRITICAL · CVSS 9.8
EPSS exploitation probability: 0%
Published 2025-08-05T01:15:42.023 · Last modified 2026-06-17T09:40:43.173

Summary

Claude Code is an agentic coding tool. In versions below 1.0.20, an error in command parsing makes it possible to bypass the Claude Code confirmation prompt to trigger execution of an untrusted command. Reliably exploiting this requires the ability to add untrusted content into a Claude Code context window. This is fixed in version 1.0.20.

Affected products

anthropic — claude_code

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.