プラットフォーム
nodejs
コンポーネント
@anthropic-ai/claude-code
修正版
1.0.106
1.0.105
CVE-2025-58764 describes a command bypass vulnerability in the @anthropic-ai/claude-code Node.js package. This flaw allows attackers to bypass the confirmation prompt and trigger the execution of untrusted commands, potentially leading to unauthorized actions within the Claude Code environment. The vulnerability impacts versions prior to 1.0.105, and a patch has been released in version 1.0.105.
Successful exploitation of CVE-2025-58764 allows an attacker to execute arbitrary commands within the context of the @anthropic-ai/claude-code application. This could involve reading sensitive data, modifying system configurations, or even gaining control of the underlying server. The ability to reliably exploit this vulnerability requires the attacker to inject untrusted content into a Claude Code context window, suggesting a potential attack vector through user-supplied input or compromised data sources. The blast radius depends on the privileges associated with the process running @anthropic-ai/claude-code.
This vulnerability was reported by the NVIDIA AI Red Team. As of the public disclosure date (2025-09-10), there is no indication of active exploitation in the wild. The vulnerability's reliance on injecting untrusted content into a context window may limit its immediate exploitability. It is not currently listed on the CISA KEV catalog. Public proof-of-concept code is not yet available.
Organizations and developers utilizing the @anthropic-ai/claude-code package in their Node.js applications are at risk. Specifically, those who have not implemented automatic updates or are using older versions of the package are particularly vulnerable. Applications that rely on user-supplied input or external data sources for Claude Code context are at higher risk.
• nodejs: Monitor Node.js process logs for unexpected command executions.
journalctl -u node -f | grep -i "command execution"• nodejs: Check the installed version of @anthropic-ai/claude-code using npm.
npm list @anthropic-ai/claude-code• generic web: Inspect the application's input validation routines to identify potential vulnerabilities where untrusted content could be injected into the Claude Code context window.
disclosure
エクスプロイト状況
EPSS
0.12% (31% パーセンタイル)
CISA SSVC
The primary mitigation for CVE-2025-58764 is to immediately update to version 1.0.105 or later of the @anthropic-ai/claude-code package. Users employing manual update procedures should prioritize this update. If an immediate upgrade is not feasible, consider implementing input validation and sanitization measures to prevent the injection of untrusted content into the Claude Code context window. While a direct WAF rule is unlikely, monitoring for unusual command execution patterns within the Node.js application could provide an early warning system. After upgrading, verify the fix by attempting to trigger the command bypass with known malicious input and confirming that the confirmation prompt is enforced.
Actualice Claude Code a la versión 1.0.105 o superior. Esta actualización corrige una vulnerabilidad de inyección de comandos que permite la ejecución de comandos no confiables sin la aprobación del usuario. Si está utilizando la actualización automática estándar de Claude Code, ya debería haber recibido esta corrección.
脆弱性分析と重要アラートをメールでお届けします。
CVE-2025-58764 is a HIGH severity vulnerability in the @anthropic-ai/claude-code Node.js package that allows attackers to bypass the confirmation prompt and execute untrusted commands.
You are affected if you are using @anthropic-ai/claude-code versions prior to 1.0.105. Check your installed version using npm list @anthropic-ai/claude-code.
Update to version 1.0.105 or later of the @anthropic-ai/claude-code package using npm install @anthropic-ai/claude-code@latest.
As of the public disclosure date, there is no indication of active exploitation in the wild.
Refer to the official @anthropic-ai advisory for details and updates: [https://www.anthropic.com/security](https://www.anthropic.com/security)