CVE-2025-59041
📋 TL;DR
CVE-2025-59041 is a critical remote code execution vulnerability in Claude Code in which a malicious git user.email configuration value could execute arbitrary commands before the user accepts the workspace trust dialog. This affects all Claude Code users with versions before 1.0.105. The vulnerability allows attackers to run code with the privileges of the Claude Code process.
💻 Affected Systems
- Claude Code
📦 What is this software?
Claude Code by Anthropic
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise, allowing an attacker to execute arbitrary commands, install malware, steal credentials, and pivot to other systems.
Likely Case
Local privilege escalation or execution of malicious scripts when users open projects with malicious git configurations.
If Mitigated
No impact if patched to version 1.0.105+ or if proper git configuration controls are enforced.
🎯 Exploit Status
Exploitation requires the user to open a project with a malicious git configuration; no user interaction beyond opening the project is needed.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.0.105
Vendor Advisory: https://github.com/anthropics/claude-code/security/advisories/GHSA-j4h9-wv2m-wrf7
Restart Required: Yes
Instructions:
1. Open Claude Code.
2. Go to Settings > Updates.
3. Click 'Check for Updates'.
4. Install version 1.0.105 or later.
5. Restart Claude Code.
🔧 Temporary Workarounds
Disable automatic git config loading
(all platforms) Prevent Claude Code from loading git configurations at startup
git config --global claude.code.gitConfig false
Sanitize git user.email configuration
(all platforms) Ensure git user.email contains only valid email addresses
git config --global user.email "your-email@example.com"
git config --global --unset-all user.email
git config --global --add user.email "your-email@example.com"
🧯 If You Can't Patch
- Restrict git configuration permissions to prevent malicious user.email settings
- Use Claude Code only with trusted repositories and verify git configurations before opening
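One way to carry out the "verify git configurations before opening" step, as an added example that is not part of the advisory or of Claude Code. The function names, the allow-list pattern (stricter than RFC 5322), the sample lines and the standard `<repo>/.git/config` layout are assumptions of this example.

```shell
#!/bin/sh
# Added example: flag git user.email values that are not plain addresses.
# The allow-list is this example's assumption and is stricter than RFC 5322.

# Succeed only for a plain local@domain.tld value.
email_is_plain() {
  case "$1" in
    *[!A-Za-z0-9._%+@-]*) return 1 ;;  # space, quote, $, `, ;, |, newline, ...
    *@*@*) return 1 ;;                  # more than one @
    ?*@?*.?*) return 0 ;;               # local@domain.tld shape
    *) return 1 ;;
  esac
}

# stdin: "origin<TAB>value" lines, as printed by
# `git config --show-origin --get-all user.email`.
# Prints every value that fails the check; returns 1 if any did.
audit_email_lines() {
  bad=0
  tab=$(printf '\t')
  while IFS= read -r line || [ -n "$line" ]; do
    origin=${line%%"$tab"*}
    value=${line#*"$tab"}
    if ! email_is_plain "$value"; then
      printf 'SUSPICIOUS %s: %s\n' "$origin" "$value"
      bad=1
    fi
  done
  return "$bad"
}

# Constructed sample: one plain value, one carrying shell syntax.
sample_lines() {
  printf 'file:/home/dev/.gitconfig\tdev@example.com\n'
  printf 'file:/tmp/demo/.git/config\tdev@example.com;echo constructed\n'
}

# Read the repo-local file with --file (no cd into the untrusted tree),
# then the global config. Assumes the standard <repo>/.git/config layout.
audit_repo() {
  {
    git config --file "$1/.git/config" --show-origin --get-all user.email
    git config --global --show-origin --get-all user.email
  } 2>/dev/null | audit_email_lines
}

# Usage: sh audit.sh /path/to/project   (no argument: check the sample)
if [ "$#" -gt 0 ]; then audit_repo "$1"; else sample_lines | audit_email_lines || true; fi
```

A non-zero exit status from `audit_repo` means at least one configured value failed the check and the project should not be opened until the value is reviewed.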
🔍 How to Verify
Check if Vulnerable:
Check Claude Code version in Settings > About. If version is below 1.0.105, you are vulnerable.
Check Version:
claude --version
Verify Fix Applied:
Verify version is 1.0.105 or higher in Settings > About. Test by setting a test git user.email and confirming no command execution.
📡 Detection & Monitoring
Log Indicators:
- Unexpected process execution from Claude Code startup
- Git configuration parsing errors
- Commands containing shell metacharacters in git config logs
Network Indicators:
- Unusual outbound connections from Claude Code process at startup
SIEM Query:
process_name:"Claude Code" AND (command_line:*git* OR parent_process:git) AND event_type:"process_start"