Claude Code is an agentic coding tool. Versions before 1.0.111 were vulnerable to Code Injection due to a bug in the startup trust dialog implementation. Claude Code could be tricked to execute code contained in a project before the user accepted the startup trust dialog. Exploiting this requires a user to start Claude Code in an untrusted directory. Users on standard Claude Code auto-update will have received this fix automatically. Users performing manual updates are advised to update to the latest version. This issue is fixed in version 1.0.111.
Advisories
Source ID Title
EUVD EUVD EUVD-2025-32229 Claude Code can execute commands prior to the startup trust dialog
Github GHSA Github GHSA GHSA-4fgq-fpq9-mr3g Claude Code can execute commands prior to the startup trust dialog
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Thu, 23 Oct 2025 13:00:00 +0000

Type Values Removed Values Added
First Time appeared Anthropic
Anthropic claude Code
CPEs cpe:2.3:a:anthropic:claude_code:*:*:*:*:*:node.js:*:*
Vendors & Products Anthropic
Anthropic claude Code
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}


Mon, 06 Oct 2025 14:45:00 +0000

Type Values Removed Values Added
First Time appeared Anthropics
Anthropics claude Code
Vendors & Products Anthropics
Anthropics claude Code

Fri, 03 Oct 2025 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 03 Oct 2025 06:45:00 +0000

Type Values Removed Values Added
Description Claude Code is an agentic coding tool. Versions before 1.0.111 were vulnerable to Code Injection due to a bug in the startup trust dialog implementation. Claude Code could be tricked to execute code contained in a project before the user accepted the startup trust dialog. Exploiting this requires a user to start Claude Code in an untrusted directory. Users on standard Claude Code auto-update will have received this fix automatically. Users performing manual updates are advised to update to the latest version. This issue is fixed in version 1.0.111.
Title Claude Code's startup trust dialog could lead to Command Execution attack
Weaknesses CWE-94
References
Metrics cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2025-10-03T13:26:23.309Z

Reserved: 2025-09-17T17:04:20.373Z

Link: CVE-2025-59536

cve-icon Vulnrichment

Updated: 2025-10-03T13:26:15.107Z

cve-icon NVD

Status : Analyzed

Published: 2025-10-03T07:15:44.550

Modified: 2025-10-23T12:46:37.910

Link: CVE-2025-59536

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2025-10-06T14:43:13Z