CVE-2025-54794

Claude Code is an agentic coding tool. In versions below 0.2.111, a path validation flaw using prefix matching instead of canonical path comparison, makes it possible to bypass directory restrictions and access files outside the CWD. Successful exploitation depends on the presence of (or ability to create) a directory with the same prefix as the CWD and the ability to add untrusted content into a Claude Code context window. This is fixed in version 0.2.111.

CVSS v3 9.1 CRITICAL

9.1^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/anthropics/claude-code/security/advisories/GHSA-pmw4-pwvc-3hx2	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:anthropic:claude_code:*:*:*:*:*:node.js:*:*

History

27 Oct 2025, 18:01

Type	Values Removed	Values Added
References	~~() https://github.com/anthropics/claude-code/security/advisories/GHSA-pmw4-pwvc-3hx2 -~~	() https://github.com/anthropics/claude-code/security/advisories/GHSA-pmw4-pwvc-3hx2 - Vendor Advisory
First Time		Anthropic claude Code Anthropic
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.1
CPE		cpe:2.3:a:anthropic:claude_code::::::node.js::*

05 Aug 2025, 14:34

Type	Values Removed	Values Added
Summary		(es) Claude Code es una herramienta de codificación agentica. En versiones anteriores a la 0.2.111, una falla de validación de rutas que utiliza la coincidencia de prefijos en lugar de la comparación de rutas canónicas permite eludir las restricciones de directorio y acceder a archivos fuera del CWD. Para que esta vulnerabilidad funcione, es necesario tener (o poder crear) un directorio con el mismo prefijo que el CWD y poder añadir contenido no confiable a una ventana de contexto de Claude Code. Esto se corrigió en la versión 0.2.111.

05 Aug 2025, 01:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-08-05 01:15

Updated : 2025-10-27 18:01

NVD link : CVE-2025-54794

Mitre link : CVE-2025-54794

CVE.ORG link : CVE-2025-54794

JSON object : View

Products Affected

anthropic

claude_code

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2025-54794", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-08-05T01:15:41.877", "references": [{"url": "https://github.com/anthropics/claude-code/security/advisories/GHSA-pmw4-pwvc-3hx2", "tags": ["Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "Claude Code is an agentic coding tool. In versions below 0.2.111, a path validation flaw using prefix matching instead of canonical path comparison, makes it possible to bypass directory restrictions and access files outside the CWD. Successful exploitation depends on the presence of (or ability to create) a directory with the same prefix as the CWD and the ability to add untrusted content into a Claude Code context window. This is fixed in version 0.2.111."}, {"lang": "es", "value": "Claude Code es una herramienta de codificaci\u00f3n agentica. En versiones anteriores a la 0.2.111, una falla de validaci\u00f3n de rutas que utiliza la coincidencia de prefijos en lugar de la comparaci\u00f3n de rutas can\u00f3nicas permite eludir las restricciones de directorio y acceder a archivos fuera del CWD. Para que esta vulnerabilidad funcione, es necesario tener (o poder crear) un directorio con el mismo prefijo que el CWD y poder a\u00f1adir contenido no confiable a una ventana de contexto de Claude Code. Esto se corrigi\u00f3 en la versi\u00f3n 0.2.111."}], "lastModified": "2025-10-27T18:01:20.047", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:anthropic:claude_code:*:*:*:*:*:node.js:*:*", "vulnerable": true, "matchCriteriaId": "41E2EE32-5D62-4EA1-BF73-B7E41510E871", "versionEndExcluding": "0.2.111"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}