CVE-2025-59536
Claude Code's startup trust dialog could lead to Command Execution attack
In short
Claude Code versions before 1.0.111 could execute malicious code from a project before asking the user for permission. An attacker could trick users into opening an untrusted folder, allowing unauthorized code execution on their computer.
Technical detail
CWE-94 Code Injection vulnerability in Claude Code's startup trust dialog allows arbitrary code execution when a user initiates the application in an untrusted directory. The vulnerability bypasses the trust prompt mechanism, executing embedded project code before user consent is obtained. Remediated in version 1.0.111.
Summary generated and translated by AI from the official description.
Claude Code is an agentic coding tool. Versions before 1.0.111 were vulnerable to Code Injection due to a bug in the startup trust dialog implementation. Claude Code could be tricked to execute code contained in a project before the user accepted the startup trust dialog. Exploiting this requires a user to start Claude Code in an untrusted directory. Users on standard Claude Code auto-update will have received this fix automatically. Users performing manual updates are advised to update to the latest version. This issue is fixed in version 1.0.111.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected products
anthropics · claude-codeWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →