CVE-2025-54795
Claude Code echo command allowed bypass of user approval prompt for command execution
In short
Claude Code has a flaw that lets attackers run commands without getting permission from the user. An attacker needs to insert malicious content into the chat, and the tool will execute their command without asking for approval first.
Technical detail
CWE-78 command injection vulnerability in Claude Code versions <1.0.20 allows bypass of user confirmation prompts through a command parsing error. Attack vector requires injecting untrusted content into the context window; impact is arbitrary command execution with user privileges without explicit approval.
Summary generated and translated by AI from the official description.
Claude Code is an agentic coding tool. In versions below 1.0.20, an error in command parsing makes it possible to bypass the Claude Code confirmation prompt to trigger execution of an untrusted command. Reliably exploiting this requires the ability to add untrusted content into a Claude Code context window. This is fixed in version 1.0.20.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected products
anthropics · claude-codeWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →