CVE-2025-64755

9.8 CRITICAL

📋 TL;DR

CVE-2025-64755 is a vulnerability in Claude Code, Anthropic's agentic coding CLI, fixed in version 2.0.31. Before that version, the check that decides whether a `sed` invocation is read-only parsed the command incorrectly, so a `sed` command that writes files could pass as read-only and run with only the scrutiny a read-only command gets. The result is an arbitrary file write on the host, performed as the user running Claude Code, and every installation on an older version is affected.

💻 Affected Systems

Products:
  • Claude Code
Versions: All versions before 2.0.31
Operating Systems: All platforms running Claude Code
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of vulnerable versions are affected regardless of configuration.

📦 What is this software?

Claude Code is Anthropic's terminal-based agentic coding tool: it reads and edits files and runs shell commands in a developer's repository on the model's behalf. It is distributed as the npm package @anthropic-ai/claude-code and launched with the `claude` command. Because it executes shell commands, it classifies them first, and commands judged read-only are handled more permissively than commands that write; this CVE is a flaw in that classification for `sed`.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Arbitrary file write as the user running Claude Code, which an attacker can turn into code execution and persistence (for example by writing to shell startup files, git hooks or ~/.ssh/authorized_keys), or into tampering with source and build files that are then committed or shipped.

🟠

Likely Case

Unauthorized modification of files the developer never approved, inside or outside the project, leading to corrupted work, altered configuration or a quiet persistence mechanism on the developer machine. Privilege escalation beyond that user's account follows only if paths the user can write feed a privileged process.

🟢

If Mitigated

Limited if Claude Code runs as a low-privilege account or in a container or VM where only the project directory is writable, untrusted repositories are not opened with vulnerable versions, and file integrity monitoring covers the usual persistence paths. Network segmentation does not help: the write is local.

🌐 Internet-Facing: Not a network service, so exposure is not about listening ports. The realistic path is untrusted content the agent reads (a cloned repository, an issue, a web page, tool output) steering it into a file-writing sed command that the broken check accepts as read-only; treat any vulnerable install that works on untrusted repositories as HIGH.
🏢 Internal Only: MEDIUM - the write runs as the developer's account, so the payoff is persistence and code execution on the developer machine and whatever credentials and repositories it holds, including tampering with code that is later committed or built.

🎯 Exploit Status

Public PoC: ❌ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes (no authentication boundary is involved: the attacker only needs a crafted sed command to reach the agent, for example through prompt injection in a repository or document it is asked to read)
Complexity: LOW

The advisory suggests exploitation is straightforward once the sed parsing flaw is understood; no foothold on the host is needed beyond getting the agent to run the command.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.0.31

Vendor Advisory: https://github.com/anthropics/claude-code/security/advisories/GHSA-7mv8-j34q-vp7q

Restart Required: Yes - a running session keeps the old code loaded; start a new one after updating.

Instructions:

1. End any running Claude Code sessions.
2. Update with the installer you used; for npm installs: npm install -g @anthropic-ai/claude-code@latest (any version of 2.0.31 or later is fixed).
3. Start a new session.
4. Run claude --version and confirm it reports 2.0.31 or higher.

🔧 Temporary Workarounds

Stop using vulnerable versions

linux

Claude Code is an interactive CLI, not a daemon, so there is no systemd unit to stop. End running sessions and do not launch `claude` against repositories or documents you do not trust until it is updated. To remove an npm-installed copy entirely:

npm uninstall -g @anthropic-ai/claude-code

Constrain where a write can land

linux

Permissions on Claude Code's own install directory do nothing here: the write is performed by the tool as the user who launched it, against anything that user can write. Run it as a dedicated low-privilege account (install Claude Code for that account), or inside a container or VM where only the project directory is mounted writable, so a sed invocation cannot reach shell startup files, ~/.ssh, git hooks or system paths. A minimal dedicated account on Linux, with the project path adapted to your layout:

sudo useradd -m -s /bin/bash claude-sandbox
sudo cp -a /path/to/project /home/claude-sandbox/project && sudo chown -R claude-sandbox: /home/claude-sandbox/project
sudo -iu claude-sandbox

🧯 If You Can't Patch

  • Do not point a vulnerable version at untrusted repositories, issues or documents: the realistic trigger is content the agent reads steering it into a file-writing sed command, and the broken check means that command is not treated as the write it is
  • Run it under a sandbox (dedicated user, container or VM) where only the project directory is writable; do not rely on network isolation, which disables the tool without addressing the local write
  • Put file integrity monitoring on the files an arbitrary write would target: shell startup files, ~/.ssh, .git/hooks, cron and systemd user units, and the project's build and CI configuration

🔍 How to Verify

Check if Vulnerable:

Check the Claude Code version; anything below 2.0.31 is vulnerable. The binary is `claude` (the npm package is @anthropic-ai/claude-code):

Check Version:

claude --version

Verify Fix Applied:

Confirm the reported version is 2.0.31 or higher in a freshly started session (a session started before the update still runs the old code). As a functional check, a sed command that writes files, for example one using -i or a w command, should no longer be classified as read-only.

📡 Detection & Monitoring

Log Indicators:

  • A `sed` process whose parent is the `claude` process and whose command line carries a write capability: -i or --in-place (including clustered and suffixed forms such as -ni and -i.bak), a `w` or `W` command, an `s///w` flag, or a shell redirection appended to the command
  • Files modified outside the working repository by a process tree rooted at `claude`, above all shell startup files, ~/.ssh, .git/hooks, and cron or systemd user units

Network Indicators:

  • None specific to this flaw, which is a local file write. Unusual outbound connections from the developer host after such a write are a secondary signal that the write was put to use (dropped tooling, exfiltration), not evidence of the write itself

SIEM Query:

parent_process_name:"claude" AND process_name:"sed" AND (command_line:"*-i*" OR command_line:"*--in-place*" OR command_line:"*w *" OR command_line:"*>*")

Field names are generic; map them to your EDR or auditd schema. A lexical match like this is deliberately broad (the `w` pattern in particular is noisy), so treat hits as candidates and decide on the parsed sed options and script rather than on the raw string.
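The query above surfaces sed invocations but cannot decide which ones write, and the vulnerability itself is a classifier getting that decision wrong. The block below is an added example, not Claude Code's code (the page does not show the check that was fixed): a naive blocklist classifier of the shape the TL;DR describes, `naive_is_read_only`, which only recognises a bare `-i` as a write, beside an allowlist version, `hardened_is_read_only`, that parses sed's options and a conservative subset of its script grammar and rejects anything it does not understand. `suspicious_sed_execs` then runs the allowlist over constructed (parent process, command line) records to show the same parser doing detection duty; the parent name `claude`, the record shape and every sample command are assumptions, and the example goes beyond the page's single sed case by covering the in-place, `w`, `s///w` and redirection variants.

```python
# Added illustrative example, not Claude Code's code. Sample exec records below are constructed.
import re
import shlex

SAFE_SINGLE = set("pdqnN=lhHgGxDP{")   # commands that only print, delete or move text, plus { grouping
S_FLAGS = re.compile(r"[gpiI0-9]*")    # s/// flags that neither write a file (w) nor exec (e)
SAFE_LONG = {"quiet", "silent", "regexp-extended", "posix", "sandbox", "separate"}

def _tokens(cmd):
    lex = shlex.shlex(cmd, posix=True, punctuation_chars=True)  # keeps > | ; & as their own tokens
    lex.whitespace_split, lex.commenters = True, ""  # '#' inside a sed script is not a comment
    return list(lex)

def naive_is_read_only(cmd):
    """Blocklist shape: misses -ni, -i.bak, --in-place, the w command, s///w and redirection."""
    toks = _tokens(cmd)
    return bool(toks) and toks[0] == "sed" and "-i" not in toks

def _past_delim(script, i, delim):
    """Index just past the next unescaped delim at or after i, or -1 if unterminated."""
    while 0 <= i < len(script) and script[i] != delim:
        i += 2 if script[i] == "\\" else 1
    return i + 1 if 0 <= i < len(script) else -1

def script_is_read_only(script):
    """Allowlist grammar: addresses (N, $, /re/, ranges, !), SAFE_SINGLE, s/y without writing
    flags, {} grouping. w, W, e, r, a, i, c, b, t, labels and anything unknown are rejected."""
    i, n = 0, len(script)
    while i < n:
        if script[i] in " \t\n;{}":
            i += 1
            continue
        while 0 <= i < n and (script[i].isdigit() or script[i] in "$,/"):
            i = _past_delim(script, i + 1, "/") if script[i] == "/" else i + 1
        if 0 <= i < n and script[i] == "!":
            i += 1
        if not 0 <= i < n:
            return False                  # unterminated /re/, or an address with no command
        c = script[i]
        if c in SAFE_SINGLE:
            i += 1
        elif c in "sy" and i + 1 < n and script[i + 1] not in "\\\n":
            d = script[i + 1]
            i = _past_delim(script, _past_delim(script, i + 2, d), d)  # pattern, then replacement
            if i < 0:
                return False
            i = S_FLAGS.match(script, i).end()  # harmless flags only; sed itself rejects flags on y
        else:
            return False
        if c != "{" and i < n and script[i] not in " \t\n;}":
            return False                  # trailing junk, e.g. the w in s/a/b/w file
    return True

def hardened_is_read_only(cmd):
    """Allowlist: plain sed, no shell operators, known read-only options only, and every
    script (-e/--expression=, else the first positional) passes script_is_read_only."""
    toks = _tokens(cmd)
    if not toks or toks[0] != "sed":
        return False
    scripts, files, i = [], [], 1
    while i < len(toks):
        t = toks[i]
        if re.fullmatch(r"[;|&<>()]+", t):
            return False                  # redirection, pipe or command chaining
        if t.startswith("--"):
            name, has_eq, val = t[2:].partition("=")
            if name == "expression" and has_eq:
                scripts.append(val)
            elif name not in SAFE_LONG or has_eq:
                return False              # --in-place[=SUFFIX], --file, bare --, unknown
        elif t.startswith("-") and len(t) > 1:
            for j, ch in enumerate(t[1:], 1):
                if ch == "e":             # -eSCRIPT or -e SCRIPT
                    i += 1 if j + 1 == len(t) else 0
                    if i >= len(toks):
                        return False
                    scripts.append(t[j + 1:] or toks[i])
                    break
                if ch not in "nErsuz":
                    return False          # -i (also -ni and -i.bak), -f, -l, unknown
        else:
            files.append(t)
        i += 1
    if not scripts and files:
        scripts.append(files.pop(0))      # no -e given: the first positional is the script
    return bool(scripts) and all(script_is_read_only(s) for s in scripts)

SAMPLE_EXECS = [  # constructed (parent comm, child cmdline) records, not real telemetry
    ("claude", "sed -n '1,20p' src/main.py"),
    ("claude", "sed -ni 's/x/y/' notes.txt"),
    ("claude", "sed -n 'w /home/dev/.ssh/authorized_keys' keys.txt"),
    ("bash", "sed -i 's/a/b/' file.txt"),
    ("claude", "sed 's/a/b/' file.txt > file.txt.new"),
]

def suspicious_sed_execs(records, parent="claude"):
    """sed children of `parent` that the allowlist cannot prove read-only."""
    return [(p, c) for p, c in records if p == parent and not hardened_is_read_only(c)]
```

On the constructed records the blocklist approves all four `claude`-spawned commands, including the `w` command aimed at authorized_keys, while the allowlist approves only the `1,20p` print and flags the other three. The design point is the default: a read-only check has to enumerate what it permits, because a grammar as open as sed's has more ways to write than a blocklist will remember, and the same parser is what turns a noisy SIEM match into a decision.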
