Claude Code is an agentic coding tool. Versions before 1.0.111 were vulnerable to Code Injection due to a bug in the startup trust dialog implementation. Claude Code could be tricked to execute code contained in a project before the user accepted the startup trust dialog. Exploiting this requires a user to start Claude Code in an untrusted directory. Users on standard Claude Code auto-update will have received this fix automatically. Users performing manual updates are advised to update to the latest version. This issue is fixed in version 1.0.111.
Metrics
Affected Vendors & Products
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Fri, 03 Oct 2025 06:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Claude Code is an agentic coding tool. Versions before 1.0.111 were vulnerable to Code Injection due to a bug in the startup trust dialog implementation. Claude Code could be tricked to execute code contained in a project before the user accepted the startup trust dialog. Exploiting this requires a user to start Claude Code in an untrusted directory. Users on standard Claude Code auto-update will have received this fix automatically. Users performing manual updates are advised to update to the latest version. This issue is fixed in version 1.0.111. | |
Title | Claude Code's startup trust dialog could lead to Command Execution attack | |
Weaknesses | CWE-94 | |
References |
| |
Metrics |
cvssV4_0
|

Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2025-10-03T06:34:48.398Z
Reserved: 2025-09-17T17:04:20.373Z
Link: CVE-2025-59536

No data.

Status : Received
Published: 2025-10-03T07:15:44.550
Modified: 2025-10-03T07:15:44.550
Link: CVE-2025-59536

No data.

No data.