Platform
nodejs
Component
@anthropic-ai/claude-code
Fixed in
1.0.106
1.0.105
CVE-2025-59041 describes a remote code execution (RCE) vulnerability in the @anthropic-ai/claude-code Node.js package. This vulnerability arises from the package's construction of shell commands during startup, which improperly interpolates the git config user.email value. If an attacker can manipulate the repository's Git configuration, they can potentially execute arbitrary commands before the user has a chance to accept the workspace trust dialog. The vulnerability affects versions prior to 1.0.105, and a fix is available in version 1.0.105.
The primary impact of CVE-2025-59041 is the potential for arbitrary code execution on the system where @anthropic-ai/claude-code is running. An attacker who can control the Git configuration of a repository used by the package can inject malicious code into the user.email setting. When the package starts up and constructs its shell command, this malicious code will be executed without proper sanitization or escaping. This could allow an attacker to gain control of the system, steal sensitive data, or install malware. The pre-trust execution is particularly concerning as it bypasses a security prompt designed to protect users.
This vulnerability was publicly disclosed on 2025-09-10. There is currently no indication of active exploitation campaigns targeting this specific vulnerability. While a public proof-of-concept is not yet available, the ease of exploitation (requiring only control over a Git configuration) suggests a potential for rapid development and dissemination of such a PoC. The vulnerability is not currently listed on CISA KEV, but its severity and potential impact warrant monitoring.
Development teams and organizations using @anthropic-ai/claude-code in their Node.js projects are at risk. This is particularly relevant for teams using Git for version control and those who allow developers to work with repositories containing potentially untrusted code. Shared hosting environments where multiple users have access to Git repositories are also at increased risk.
• nodejs / supply-chain: npm list @anthropic-ai/claude-code
• nodejs / supply-chain: Check package.json for versions prior to 1.0.105.
• nodejs / supply-chain: Monitor Node.js process execution for unexpected commands involving Git configuration values.
• generic web: Review server logs for errors related to @anthropic-ai/claude-code initialization, particularly those involving Git commands.
Timeline: disclosure, patch
Exploit Status
EPSS
0.15% (35th percentile)
CISA SSVC
The primary mitigation for CVE-2025-59041 is to immediately upgrade to version 1.0.105 or later of the @anthropic-ai/claude-code package. This version includes a fix that avoids executing commands built from untrusted configuration and properly validates/escapes inputs. If upgrading is not immediately feasible, consider restricting access to the Git repositories used by the package to prevent attackers from modifying the user.email configuration. Review and audit Git configuration files for any suspicious entries. There are no WAF or proxy rules that can directly address this vulnerability, as it occurs during package initialization. After upgrading, confirm the fix by attempting to set a malicious user.email in a Git repository and verifying that the package does not execute the crafted command.
Update Claude Code to version 1.0.105 or later. This update fixes a vulnerability that allows arbitrary code execution through a malicious Git email configuration. The update can be performed manually or, if enabled, will have been applied automatically.
CVE-2025-59041 is a remote code execution vulnerability in the @anthropic-ai/claude-code Node.js package. It allows an attacker to execute arbitrary code by manipulating the Git configuration of a repository used by the package.
You are affected if you are using @anthropic-ai/claude-code versions prior to 1.0.105 and your environment allows attackers to modify Git configuration files.
Upgrade to version 1.0.105 or later of @anthropic-ai/claude-code. This version includes a fix that prevents command interpolation from untrusted configuration.
There is currently no evidence of active exploitation, but the vulnerability's ease of exploitation suggests a potential for future attacks.
Refer to the official @anthropic-ai security advisory for details and updates regarding CVE-2025-59041.