CVE-2025-66032

9.8 CRITICAL

📋 TL;DR

CVE-2025-66032 is a command injection vulnerability in Claude Code that allows an attacker to bypass read-only validation and execute arbitrary code. It is exploited by abusing errors in how Claude Code parses $IFS and short CLI flags to inject shell commands. Users of Claude Code versions before 1.0.93 are affected.

💻 Affected Systems

Products:
  • Claude Code
Versions: All versions prior to 1.0.93
Operating Systems: All platforms running Claude Code
Default Config Vulnerable: ⚠️ Yes
Notes: Requires ability to add untrusted content to Claude Code context window. All default configurations are vulnerable.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise with attacker gaining complete control over the host running Claude Code, potentially leading to data theft, ransomware deployment, or lateral movement.

🟠

Likely Case

Arbitrary code execution within the Claude Code environment, allowing attackers to access sensitive data, modify files, or establish persistence.

🟢

If Mitigated

Limited impact if proper input validation and sandboxing are in place, potentially restricting execution to isolated containers.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires ability to inject content into Claude Code context. The vulnerability involves shell command parsing errors with $IFS and short flags.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.0.93

Vendor Advisory: https://github.com/anthropics/claude-code/security/advisories/GHSA-xq4m-mc3c-vvg3

Restart Required: Yes

Instructions:

1. Stop the Claude Code service.
2. Update to version 1.0.93 or later using your package manager.
3. Restart the Claude Code service.
4. Verify that the installed version is 1.0.93 or later.

🔧 Temporary Workarounds

Disable untrusted content (all platforms): prevent users from adding untrusted content to Claude Code context windows.

Sandbox execution (linux): run Claude Code in an isolated container or sandboxed environment, for example:

docker run --security-opt=no-new-privileges -d anthropics/claude-code

🧯 If You Can't Patch

  • Isolate Claude Code instances from sensitive systems and networks
  • Implement strict input validation and sanitization for all content entering Claude Code context

🔍 How to Verify

Check if Vulnerable:

Check Claude Code version. If version is less than 1.0.93, system is vulnerable.

Check Version:

claude-code --version

Verify Fix Applied:

Confirm version is 1.0.93 or higher and test that shell command injection attempts are properly blocked.

📡 Detection & Monitoring

Log Indicators:

  • Unusual shell command execution patterns
  • Attempts to use $IFS or short flag manipulation
  • Unexpected process spawns from Claude Code

Network Indicators:

  • Outbound connections from Claude Code to unexpected destinations
  • Command and control traffic patterns

SIEM Query:

process_name:"claude-code" AND (command_line:"$IFS" OR command_line:"short_flag_manipulation_patterns")

The second clause is a placeholder: replace "short_flag_manipulation_patterns" with the short-flag argument patterns you want to alert on in your environment.
