Platform
nodejs
Component
@anthropic-ai/claude-code
Fixed in
0.2.112
0.2.111
CVE-2025-54794 describes a path traversal vulnerability discovered in the @anthropic-ai/claude-code Node.js package. This flaw stems from insufficient path validation, enabling attackers to potentially access files outside the intended working directory. Affected versions are those prior to 0.2.111; users on standard Claude Code auto-update received the fix automatically after release, and deprecated versions have been forced to update.
The vulnerability allows an attacker to bypass directory restrictions and read arbitrary files on the system. Successful exploitation hinges on the attacker's ability to create a directory with a prefix matching the current working directory and inject malicious content into a Claude Code context window. This could lead to sensitive data exposure, including configuration files, source code, or other confidential information. While the attack requires specific preconditions, the potential impact is significant, as it could compromise the integrity and confidentiality of the system.
This CVE was published on 2025-08-04. There is no indication of active exploitation or KEV listing at this time. Public proof-of-concept code is not currently available. The vulnerability was discovered and reported by Elad Beb, highlighting the importance of robust path validation in software development.
Exploit Status
EPSS
0.05% (14% percentile)
CISA SSVC
The primary mitigation is to upgrade to version 0.2.111 or later of the @anthropic-ai/claude-code package. This version includes a fix for the path validation flaw. If upgrading is not immediately feasible, consider implementing strict input validation and sanitization to prevent the injection of malicious content into the Claude Code context window. Additionally, restrict access to the directory where Claude Code operates to only authorized users and processes. After upgrading, confirm the fix by attempting to access files outside the intended directory and verifying that access is denied.
Actualice Claude Code a la versión 0.2.111 o superior. Esta versión corrige la vulnerabilidad de omisión de restricción de ruta. La actualización evitará el acceso no autorizado a archivos fuera del directorio de trabajo actual.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2025-54794 is a HIGH severity vulnerability in @anthropic-ai/claude-code allowing unauthorized file access due to a flawed path validation mechanism. Versions prior to 0.2.111 are affected.
You are affected if you are using @anthropic-ai/claude-code versions prior to 0.2.111. Users on standard auto-update received the fix. Deprecated versions have been forced to update.
Upgrade to version 0.2.111 or later of @anthropic-ai/claude-code. Implement strict input validation as a temporary workaround if upgrading is not immediately possible.
There is currently no indication of active exploitation of CVE-2025-54794.
Refer to the official @anthropic-ai documentation and release notes for details regarding this vulnerability and the fix.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.