CVE-2025-64755
@anthropic-ai/claude-code has Sed Command Validation Bypass that Allows Arbitrary File Writes
In short
Claude Code had a flaw in how it validated sed commands, allowing attackers to bypass safety protections and write files anywhere on the system. This could let malicious code modify or create files, potentially compromising the entire system.
Technical detail
A sed command parsing error in Claude Code versions prior to 2.0.31 allowed bypassing read-only file validation, enabling arbitrary file writes via crafted sed commands. An attacker with control over Claude Code input could exploit this OS command injection vector to modify system files or inject malicious code, with no authentication required beyond tool access.
Summary generated and translated by AI from the official description.
Claude Code is an agentic coding tool. Prior to version 2.0.31, due to an error in sed command parsing, it was possible to bypass the Claude Code read-only validation and write to arbitrary files on the host system. This issue has been patched in version 2.0.31.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
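The root property in this advisory is that a tool running sed on a user's behalf must be certain the invocation cannot write to the filesystem, and that a check which only pattern-matches the command string is easy to get wrong. The following is an added illustration, not Claude Code's own validator and not the actual bypass: a hypothetical conservative read-only checker that parses GNU sed's option and script grammar, refuses the write and exec paths (`-i`/`--in-place`, the `w`/`W` commands, the `w` and `e` flags of `s`, the `e` command, script files via `-f`), and rejects anything it does not understand rather than assuming it is harmless. The sed command lines in the comments and tests are constructed samples.

```python
"""Conservative read-only check for a GNU sed command line: hypothetical code,
added to illustrate the property behind CVE-2025-64755, not Claude Code's own.
Anything the checker cannot parse is refused, so it errs toward false rejects."""
import shlex

SAFE_SHORT = set("nErszu")                 # short flags that never cause a write
SAFE_LONG = {"--quiet", "--silent", "--regexp-extended", "--null-data", "--posix", "--sandbox"}
SIMPLE_CMDS = set("pPdDnNgGhHxlz=FqQ{}")   # script commands that never touch files

def _skip_delimited(script, i, delim):     # index just past the next unescaped delim, or -1
    while i < len(script):
        if script[i] == "\\":
            i += 2
        elif script[i] == delim:
            return i + 1
        else:
            i += 1
    return -1

def sed_script_is_read_only(script):       # True only if every command is known read-only
    i, n = 0, len(script)
    while i < n:
        if script[i] in " \t\n;":          # command separators
            i += 1
            continue
        while i < n:                       # addresses: N, $, first~step, +N, !, /re/, \cREc
            c = script[i]
            if c.isdigit() or c in "$,~+! \t":
                i += 1
            elif c in "/\\":
                delim = "/" if c == "/" else script[i + 1:i + 2]
                i = _skip_delimited(script, i + (1 if c == "/" else 2), delim)
                if i < 0:
                    return False
            else:
                break
        if i >= n or script[i] in "wWe":   # no command; w/W write a file; e runs a shell command
            return False
        c = script[i]
        if c in SIMPLE_CMDS:
            i += 1
        elif c in "sy":
            delim = script[i + 1:i + 2]
            if delim in "\n\\":            # also catches a missing delimiter
                return False
            i += 2
            for _ in range(2):             # regexp + replacement, or the two charsets of y
                i = _skip_delimited(script, i, delim)
                if i < 0:
                    return False
            while c == "s" and i < n and script[i] not in ";\n}":
                if script[i] not in "gpiImM0123456789 \t":   # rejects the w and e flags
                    return False
                i += 1
        elif c in "aic#rR":                # argument runs to end of line; r/R only read a file
            j = script.find("\n", i)       # (a\ continuation lines are then re-scanned as
            i = n if j < 0 else j + 1      #  commands, which can only add rejections)
        elif c in "btT:":                  # branch labels
            while i < n and script[i] not in ";\n":
                i += 1
        else:
            return False                   # unknown command: refuse rather than guess
    return True

def sed_invocation_is_read_only(cmdline):  # True only if the sed invocation cannot write
    try:
        argv = shlex.split(cmdline)
    except ValueError:                     # unbalanced quoting: do not guess
        return False
    if not argv or argv[0] not in ("sed", "gsed"):
        return False
    scripts, operands, i = [], [], 1
    while i < len(argv):
        arg = argv[i]
        if arg.startswith("--"):
            name, eq, value = arg.partition("=")
            if name == "--expression" and eq:
                scripts.append(value)
            elif name not in SAFE_LONG or eq:     # --in-place, --file, unknown, or "--"
                return False
        elif len(arg) > 1 and arg[0] == "-":      # cluster of short flags, e.g. -n, -nE, -ne
            for j, ch in enumerate(arg[1:], 1):
                if ch == "e":                     # script: rest of the cluster or next argument
                    if j + 1 == len(arg):
                        i += 1
                    if i == len(argv):
                        return False
                    scripts.append(arg[j + 1:] or argv[i])
                    break
                if ch not in SAFE_SHORT:          # -i, -f, -l and anything unknown
                    return False
        else:
            operands.append(arg)                  # an input file, or "-" for stdin
        i += 1
    if not scripts and operands:                  # no -e: the first operand is the script
        scripts.append(operands.pop(0))
    return bool(scripts) and all(sed_script_is_read_only(s) for s in scripts)
```

`sed_invocation_is_read_only("sed -n 's/secret/x/w leaked.txt' notes.txt")` returns False because the `w` flag is seen after the substitution has been parsed, while `sed 's/hello/world/' notes.txt` returns True because the `w` inside the replacement text is data, which a substring check could not tell apart. The checker's failure mode is a false reject, never a false accept; a validator like this should still be backed by an OS-level boundary (a sandboxed working directory, and GNU sed's own `--sandbox` flag, which rejects the `w`, `r` and `e` commands) rather than being the only control between the model's output and the host filesystem.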
Affected products
anthropics · claude-code