Platform: nodejs
Component: @anthropic-ai/claude-code
Fixed in: 1.0.40, 1.0.39
CVE-2025-65099 is a high-severity vulnerability affecting the @anthropic-ai/claude-code package when used with Yarn. Specifically, improperly handled Yarn configuration files can lead to arbitrary code execution during the yarn --version command. This bypasses the directory trust dialog, allowing malicious plugins or yarnPath configurations to execute before user consent. Users on automatic updates have already received the fix; manual update users should upgrade to version 1.0.39.
The primary impact of CVE-2025-65099 is the potential for unauthorized code execution within the context of the @anthropic-ai/claude-code environment. An attacker could craft a malicious Yarn configuration file that, when executed during the yarn --version command, would run arbitrary code. This could lead to a complete compromise of the system, including data exfiltration, installation of malware, or further lateral movement within the network. The bypass of the directory trust dialog significantly lowers the barrier to entry for attackers, as it circumvents a security control designed to protect users from untrusted code.
This vulnerability was reported by Benjamin Faller, Redguard AG and Michael Hess and publicly disclosed on 2025-11-19. There are currently no known public exploits or active campaigns targeting this vulnerability. It is not listed on the CISA KEV catalog at the time of writing. The probability of exploitation is currently considered medium, given the potential for relatively easy exploitation and the bypass of a security control.
Developers and users of @anthropic-ai/claude-code who rely on Yarn for dependency management are at risk. This includes teams using the package in CI/CD pipelines or environments where Yarn configuration files are managed externally. Shared hosting environments or systems with limited access controls are particularly vulnerable.
• nodejs / supply-chain: Monitor for unusual process execution of yarn or npm with unexpected arguments.
  Get-Process -Name yarn | Select-Object -ExpandProperty Path
• nodejs / supply-chain: Check for suspicious entries in .yarnrc or package.json files related to yarnPath or plugin configurations.
  grep -r 'yarnPath' .yarnrc package.json
• generic web: Examine server logs for requests related to yarn --version or any unusual activity associated with the @anthropic-ai/claude-code package.
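The second detection item above asks for a review of Yarn configuration for yarnPath and plugin entries, which are the settings that make a plain `yarn --version` load project-controlled JavaScript. The following scanner is an added example, not code from the advisory, from Anthropic or from the Yarn project: it reads the two Yarn config formats (Yarn 2+ `.yarnrc.yml` with `yarnPath:` / `plugins:`, and Yarn 1 `.yarnrc` with `yarn-path`), lists every such entry, and flags the ones that point outside the directories Yarn itself writes to (`.yarn/releases/`, `.yarn/plugins/`). The "expected directory" heuristic and the sample config contents are my own constructions; every entry is still reported so that a reviewer sees all code the config would execute.

```python
"""Scan Yarn configuration text for settings that make `yarn` execute
project-controlled code (yarnPath / plugins). Constructed sample inputs
are embedded below; this is a review aid, not Yarn's own config parser."""
import re
from dataclasses import dataclass
from typing import List, Tuple

# Directories Yarn populates via `yarn set version` / `yarn plugin import`.
# Entries outside them are the ones most worth a closer look (heuristic).
EXPECTED_RELEASE_DIR = ".yarn/releases/"
EXPECTED_PLUGIN_DIR = ".yarn/plugins/"


@dataclass
class Finding:
    source: str      # ".yarnrc.yml" or ".yarnrc"
    setting: str     # "yarnPath", "plugins" or "yarn-path"
    value: str       # the path the config would load
    suspicious: bool
    reason: str      # empty when the path looks Yarn-managed


def _unquote(v: str) -> str:
    v = v.strip()
    if len(v) >= 2 and v[0] == v[-1] and v[0] in "\"'":
        v = v[1:-1]
    return v


def _suspicious_path(path: str, expected_dir: str) -> Tuple[bool, str]:
    """Classify a yarnPath/plugin path; returns (suspicious, reason)."""
    p = path.replace("\\", "/")
    if p.startswith(("/", "~")) or re.match(r"^[A-Za-z]:/", p):
        return True, "absolute path outside the repository"
    if p.startswith("./"):
        p = p[2:]
    if ".." in p.split("/"):
        return True, "path escapes the project directory"
    if not p.startswith(expected_dir):
        return True, f"not under {expected_dir}"
    if not p.endswith((".cjs", ".js", ".mjs")):
        return True, "unexpected file extension for a Yarn bundle"
    return False, ""


def scan_yarnrc_yml(text: str) -> List[Finding]:
    """Line-based reader for the top-level `yarnPath:` and `plugins:` keys
    of a Yarn 2+ .yarnrc.yml. Plugin list items may be bare strings or
    {path, spec} maps. '#' inside quoted values is not handled (kept simple)."""
    findings: List[Finding] = []
    in_plugins = False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if line[0] not in " \t":            # a new top-level key
            in_plugins = False
            m = re.match(r"^yarnPath\s*:\s*(.+)$", line)
            if m:
                val = _unquote(m.group(1))
                bad, why = _suspicious_path(val, EXPECTED_RELEASE_DIR)
                findings.append(Finding(".yarnrc.yml", "yarnPath", val, bad, why))
            elif re.match(r"^plugins\s*:\s*$", line):
                in_plugins = True
            continue
        if not in_plugins:
            continue
        s = line.strip()
        m = re.match(r"^-?\s*path\s*:\s*(.+)$", s)          # "- path: x"
        bare = re.match(r"^-\s*(?![\w-]+\s*:)(.+)$", s)     # "- x" (no key)
        if m:
            val = _unquote(m.group(1))
        elif bare:
            val = _unquote(bare.group(1))
        else:
            continue                                      # e.g. "spec: ..."
        bad, why = _suspicious_path(val, EXPECTED_PLUGIN_DIR)
        findings.append(Finding(".yarnrc.yml", "plugins", val, bad, why))
    return findings


def scan_yarnrc_classic(text: str) -> List[Finding]:
    """Yarn 1 .yarnrc: `yarn-path "./path/to/yarn.js"` lines."""
    findings: List[Finding] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = re.match(r"^yarn-path\s+(.+)$", line)
        if m:
            val = _unquote(m.group(1))
            bad, why = _suspicious_path(val, EXPECTED_RELEASE_DIR)
            findings.append(Finding(".yarnrc", "yarn-path", val, bad, why))
    return findings


# Constructed sample configs (not taken from any real project).
SAMPLE_YARNRC_YML = """\
yarnPath: .yarn/releases/yarn-3.6.4.cjs
nodeLinker: node-modules
plugins:
  - path: .yarn/plugins/@yarnpkg/plugin-workspace-tools.cjs
    spec: "@yarnpkg/plugin-workspace-tools"
  - ./scripts/helper.cjs
"""

SAMPLE_YARNRC_CLASSIC = """\
registry "https://registry.npmjs.org/"
yarn-path "/tmp/yarn.js"
"""

if __name__ == "__main__":
    for f in scan_yarnrc_yml(SAMPLE_YARNRC_YML) + scan_yarnrc_classic(SAMPLE_YARNRC_CLASSIC):
        tag = "REVIEW " if f.suspicious else "ok     "
        print(f"{tag}{f.source} {f.setting} -> {f.value} {f.reason}")
```

Run it against a checked-out repository by reading `.yarnrc.yml` and `.yarnrc` into the two functions; a clean project typically shows at most one `yarnPath` under `.yarn/releases/` and plugins under `.yarn/plugins/`, and anything else is a config line to inspect before running any `yarn` command in that directory.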
disclosure
Exploit status
EPSS: 0.15% (percentile 36%)
CISA SSVC
The primary mitigation for CVE-2025-65099 is to upgrade to @anthropic-ai/claude-code version 1.0.39 or later. If upgrading is not immediately feasible, consider temporarily disabling Yarn or restricting access to the yarn --version command. Review existing Yarn configuration files for any suspicious or unexpected entries. While a WAF or proxy is unlikely to directly address this vulnerability, ensuring strict input validation and code signing policies for all dependencies can provide an additional layer of defense. There are no specific Sigma or YARA patterns available at this time, but monitoring for unusual process execution related to Yarn is recommended.
Update Claude Code to version 1.0.39 or later. This fixes the command execution vulnerability that occurs before the initial trust dialog. The update can be performed through the package manager that was used to install Claude Code.
CVE-2025-65099 is a high-severity vulnerability in @anthropic-ai/claude-code where improperly handled Yarn configuration files can lead to code execution, bypassing directory trust.
You are affected if you are using @anthropic-ai/claude-code with Yarn and have not upgraded to version 1.0.39 or later.
Upgrade to @anthropic-ai/claude-code version 1.0.39 or later. If upgrading is not possible, temporarily disable Yarn or restrict access to the yarn --version command.
There are currently no known public exploits or active campaigns targeting this vulnerability, but the potential for exploitation is considered medium.
Refer to the official @anthropic-ai/claude-code release notes and security advisories on their website or GitHub repository.