CVE-2025-54794

Claude Code is an agentic coding tool. In versions below 0.2.111, a path validation flaw using prefix matching instead of canonical path comparison, makes it possible to bypass directory restrictions and access files outside the CWD. Successful exploitation depends on the presence of (or ability to create) a directory with the same prefix as the CWD and the ability to add untrusted content into a Claude Code context window. This is fixed in version 0.2.111.

CVSS

No CVSS.

References

Link	Resource
https://github.com/anthropics/claude-code/security/advisories/GHSA-pmw4-pwvc-3hx2

Configurations

No configuration.

History

05 Aug 2025, 14:34

Type	Values Removed	Values Added
Summary		(es) Claude Code es una herramienta de codificación agentica. En versiones anteriores a la 0.2.111, una falla de validación de rutas que utiliza la coincidencia de prefijos en lugar de la comparación de rutas canónicas permite eludir las restricciones de directorio y acceder a archivos fuera del CWD. Para que esta vulnerabilidad funcione, es necesario tener (o poder crear) un directorio con el mismo prefijo que el CWD y poder añadir contenido no confiable a una ventana de contexto de Claude Code. Esto se corrigió en la versión 0.2.111.

05 Aug 2025, 01:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-08-05 01:15

Updated : 2025-08-05 14:34

NVD link : CVE-2025-54794

Mitre link : CVE-2025-54794

CVE.ORG link : CVE-2025-54794

JSON object : View

Products Affected

No product.

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2025-54794", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-08-05T01:15:41.877", "references": [{"url": "https://github.com/anthropics/claude-code/security/advisories/GHSA-pmw4-pwvc-3hx2", "source": "security-advisories@github.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "Claude Code is an agentic coding tool. In versions below 0.2.111, a path validation flaw using prefix matching instead of canonical path comparison, makes it possible to bypass directory restrictions and access files outside the CWD. Successful exploitation depends on the presence of (or ability to create) a directory with the same prefix as the CWD and the ability to add untrusted content into a Claude Code context window. This is fixed in version 0.2.111."}, {"lang": "es", "value": "Claude Code es una herramienta de codificaci\u00f3n agentica. En versiones anteriores a la 0.2.111, una falla de validaci\u00f3n de rutas que utiliza la coincidencia de prefijos en lugar de la comparaci\u00f3n de rutas can\u00f3nicas permite eludir las restricciones de directorio y acceder a archivos fuera del CWD. Para que esta vulnerabilidad funcione, es necesario tener (o poder crear) un directorio con el mismo prefijo que el CWD y poder a\u00f1adir contenido no confiable a una ventana de contexto de Claude Code. Esto se corrigi\u00f3 en la versi\u00f3n 0.2.111."}], "lastModified": "2025-08-05T14:34:17.327", "sourceIdentifier": "security-advisories@github.com"}