CVE-2025-54794

Claude Code is an agentic coding tool. In versions below 0.2.111, a path validation flaw using prefix matching instead of canonical path comparison, makes it possible to bypass directory restrictions and access files outside the CWD. Successful exploitation depends on the presence of (or ability to create) a directory with the same prefix as the CWD and the ability to add untrusted content into a Claude Code context window. This is fixed in version 0.2.111.

Published: Aug 4, 2025
Updated: Aug 14, 2025
CVE: CVE-2025-54794
GHSA: GHSA-pmw4-pwvc-3hx2
Severity: High
Exploit:

No technical information available.

CWEs:

CWE-22

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
@anthropic-ai / claude-code	-	0.2.111

https://github.com/anthropics/claude-code/security/advisories/GHSA-pmw4-pwvc-3hx2

Vulnerability Database

CVE-2025-54794