Login Sign Up

CVE-2025-58764

9.8 CRITICAL
Authentication Bypass

📋 TL;DR

CVE-2025-58764 is a command injection vulnerability in Claude Code that allows bypassing the confirmation prompt to execute untrusted commands. This affects users of Claude Code versions prior to 1.0.105 who can add untrusted content to the context window. The vulnerability enables arbitrary command execution with the privileges of the Claude Code process.

💻 Affected Systems

Products:
  • Claude Code
Versions: All versions prior to 1.0.105
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability requires ability to add untrusted content to Claude Code context window. Auto-update users should already be protected.

📦 What is this software?

Claude Code by Anthropic

View all CVEs affecting Claude Code →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise through arbitrary command execution, potentially leading to data theft, ransomware deployment, or complete system takeover.

🟠

Likely Case

Execution of malicious commands within the Claude Code environment, potentially leading to privilege escalation, data exfiltration, or lateral movement.

🟢

If Mitigated

Limited impact if proper input validation and sandboxing are in place, though command execution bypass remains possible.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires ability to inject content into Claude Code context window. No public exploit code available at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.0.105 or later

Vendor Advisory: https://github.com/anthropics/claude-code/security/advisories/GHSA-qxfv-fcpc-w36x

Restart Required: Yes

Instructions:

1. Check current Claude Code version
2. If version is earlier than 1.0.105, update to latest version
3. Restart Claude Code application
4. Verify update completed successfully

🔧 Temporary Workarounds

Disable Claude Code

all

Temporarily disable Claude Code until patching can be completed

# Linux/macOS: Stop Claude Code process
# Windows: Use Task Manager to end Claude Code process

Restrict Context Window Input

all

Limit what content can be added to Claude Code context window

🧯 If You Can't Patch

  • Implement strict input validation for Claude Code context window content
  • Run Claude Code with minimal privileges and in isolated environment

🔍 How to Verify

Check if Vulnerable:

Check Claude Code version - if earlier than 1.0.105, system is vulnerable

Check Version:

# Check Claude Code version in application settings or about dialog

Verify Fix Applied:

Confirm Claude Code version is 1.0.105 or later

📡 Detection & Monitoring

Log Indicators:

  • Unexpected command execution patterns
  • Failed confirmation prompt bypass attempts
  • Unusual process spawning from Claude Code

Network Indicators:

  • Unexpected outbound connections from Claude Code process
  • Command and control traffic patterns

SIEM Query:

process_name:"claude-code" AND (command_execution OR suspicious_child_process)

📊 Metadata

CVE ID: CVE-2025-58764
CVSS v3 Score: 9.8 (CRITICAL)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-94
EPSS Score: 0.1% exploit probability (28.5th percentile)
Published: September 10, 2025
Last Updated: October 24, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-58764, you might also want to check these:

CVE-2025-62521 10.0

CVE-2025-62521 is a critical pre-authentication remote code execution vulnerability in ChurchCRM tha...

Same vulnerability type (CWE-94)
CVE-2026-26216 10.0

Crawl4AI versions before 0.8.0 contain an unauthenticated remote code execution vulnerability in the...

Same vulnerability type (CWE-94)
CVE-2021-22205 10.0

CVE-2021-22205 is a critical remote code execution vulnerability in GitLab CE/EE where improper vali...

Same vulnerability type (CWE-94)