Platform
nodejs
Component
@anthropic-ai/claude-code
Fixed in
1.0.106
1.0.105
CVE-2025-58764 describes a command bypass vulnerability in the @anthropic-ai/claude-code Node.js package. This flaw allows attackers to bypass the confirmation prompt and trigger the execution of untrusted commands, potentially leading to unauthorized actions within the Claude Code environment. The vulnerability impacts versions prior to 1.0.105, and a patch has been released in version 1.0.105.
Successful exploitation of CVE-2025-58764 allows an attacker to execute arbitrary commands within the context of the @anthropic-ai/claude-code application. This could involve reading sensitive data, modifying system configurations, or even gaining control of the underlying server. The ability to reliably exploit this vulnerability requires the attacker to inject untrusted content into a Claude Code context window, suggesting a potential attack vector through user-supplied input or compromised data sources. The blast radius depends on the privileges associated with the process running @anthropic-ai/claude-code.
This vulnerability was reported by the NVIDIA AI Red Team. As of the public disclosure date (2025-09-10), there is no indication of active exploitation in the wild. The vulnerability's reliance on injecting untrusted content into a context window may limit its immediate exploitability. It is not currently listed on the CISA KEV catalog. Public proof-of-concept code is not yet available.
Exploit Status
EPSS
0.12% (31% percentile)
CISA SSVC
The primary mitigation for CVE-2025-58764 is to immediately update to version 1.0.105 or later of the @anthropic-ai/claude-code package. Users employing manual update procedures should prioritize this update. If an immediate upgrade is not feasible, consider implementing input validation and sanitization measures to prevent the injection of untrusted content into the Claude Code context window. While a direct WAF rule is unlikely, monitoring for unusual command execution patterns within the Node.js application could provide an early warning system. After upgrading, verify the fix by attempting to trigger the command bypass with known malicious input and confirming that the confirmation prompt is enforced.
Actualice Claude Code a la versión 1.0.105 o superior. Esta actualización corrige una vulnerabilidad de inyección de comandos que permite la ejecución de comandos no confiables sin la aprobación del usuario. Si está utilizando la actualización automática estándar de Claude Code, ya debería haber recibido esta corrección.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2025-58764 is a HIGH severity vulnerability in the @anthropic-ai/claude-code Node.js package that allows attackers to bypass the confirmation prompt and execute untrusted commands.
You are affected if you are using @anthropic-ai/claude-code versions prior to 1.0.105. Check your installed version using npm list @anthropic-ai/claude-code.
Update to version 1.0.105 or later of the @anthropic-ai/claude-code package using npm install @anthropic-ai/claude-code@latest.
As of the public disclosure date, there is no indication of active exploitation in the wild.
Refer to the official @anthropic-ai advisory for details and updates: [https://www.anthropic.com/security](https://www.anthropic.com/security)
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.