CVE-2025-66032

Claude Code Command Validation Bypass Allows Arbitrary Code Execution

CVSS 8.7 (High) · EPSS 0.6% · CWE-77
In short

Claude Code before version 1.0.93 has a flaw that lets an attacker run arbitrary code by slipping specially crafted shell commands past the tool's safety checks. This matters because anyone who can inject malicious content into a Claude Code context window could cause dangerous commands to be executed on the host.

Technical detail

The vulnerability lies in the command-parsing logic, which does not correctly handle the shell variable $IFS and short CLI flags; a command that the validator classifies as read-only can therefore expand, at execution time, into something it would otherwise have blocked. Exploitation requires the ability to inject untrusted content into the Claude Code context, and a successful exploit yields arbitrary code execution with the privileges of the running process.
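The following is an added, constructed illustration of the $IFS part of this class of bug, not Claude Code's own validator or fix. It models a hypothetical read-only check for `find` that refuses action flags such as `-delete` and `-exec`: the naive version splits only on literal whitespace, so `$IFS` (the shell's word-separator variable) hides a flag inside what the check sees as one argument, whereas the hardened version normalizes `$IFS`, fails closed on other expansions and control operators, and tokenizes the way the shell would. The short-CLI-flag part of the advisory is not modeled.

```python
import re
import shlex

# Constructed example (hypothetical allowlist, not Claude Code's real logic).
# `find` is read-only unless one of these action flags is present.
FIND_ACTIONS = {"-delete", "-exec", "-execdir", "-ok", "-okdir", "-fprint"}

IFS_RE = re.compile(r"\$\{?IFS\}?")   # $IFS or ${IFS}: expands to whitespace
EXPANSION_RE = re.compile(r"[$`]")    # any other expansion: result unknown


def naive_find_is_read_only(cmd: str) -> bool:
    """Vulnerable pattern: only literal whitespace delimits words, so
    `x$IFS-delete` is seen as a single harmless argument, while the
    shell word-splits it into `x` and `-delete` after expansion."""
    words = cmd.split()
    return bool(words) and words[0] == "find" and not (set(words) & FIND_ACTIONS)


def hardened_find_is_read_only(cmd: str) -> bool:
    """Make the validated word structure match the executed one:
    turn $IFS into a space, refuse anything the shell would still expand,
    tokenise with shell quoting rules, and refuse control operators."""
    normalized = IFS_RE.sub(" ", cmd)
    if EXPANSION_RE.search(normalized):
        return False  # fail closed: $VAR, $(...), `...` are not predictable
    lexer = shlex.shlex(normalized, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    try:
        words = list(lexer)
    except ValueError:  # unbalanced quotes
        return False
    if not words or words[0] != "find":
        return False
    if any(set(w) & set(";|&()<>") for w in words):
        return False  # a second command or redirection is not read-only
    return not (set(words) & FIND_ACTIONS)
```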

Summary generated and translated by AI from the official description.
Claude Code is an agentic coding tool. Prior to 1.0.93, due to errors in parsing shell commands related to $IFS and short CLI flags, it was possible to bypass the Claude Code read-only validation and trigger arbitrary code execution. Reliably exploiting this requires the ability to add untrusted content into a Claude Code context window. This vulnerability is fixed in 1.0.93.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected products
anthropics · claude-code
