CVE-2025-59536

Claude Code's startup trust dialog could lead to Command Execution attack

Assigner: GitHub_M
Reserved: 17.09.2025 Published: 03.10.2025 Updated: 03.10.2025

Claude Code is an agentic coding tool. Versions before 1.0.111 were vulnerable to Code Injection due to a bug in the startup trust dialog implementation. Claude Code could be tricked to execute code contained in a project before the user accepted the startup trust dialog. Exploiting this requires a user to start Claude Code in an untrusted directory. Users on standard Claude Code auto-update will have received this fix automatically. Users performing manual updates are advised to update to the latest version. This issue is fixed in version 1.0.111.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CVSS Score: 8.7

Exploitability Metrics		Vulnerable System Impact Metrics		Subsequent System Impact Metrics
Attack Vector	Network	Confidentiality	High	Confidentiality	None
Attack Complexity	Low	Integrity	High	Integrity	None
Attack Requirements	None	Availability	High	Availability	None
Privileges Required	None
User Interaction	Passive

CVSS 4.0

Product Status

Vendor	anthropics
Product	claude-code
Versions	Version < 1.0.111 is affected

Vendor

anthropics

Product

claude-code

Versions

Version < 1.0.111 is affected

References

Problem Types

CWE-94: Improper Control of Generation of Code ('Code Injection') CWE

CVE-2025-59536 PUBLISHED

Claude Code's startup trust dialog could lead to Command Execution attack

Metrics

Product Status

References

Problem Types