CVE-2025-54795

Claude Code is an agentic coding tool. In versions below 1.0.20, an error in command parsing makes it possible to bypass the Claude Code confirmation prompt to trigger execution of an untrusted command. Reliably exploiting this requires the ability to add untrusted content into a Claude Code context window. This is fixed in version 1.0.20.

Published: Aug 4, 2025
Updated: Aug 14, 2025
CVE: CVE-2025-54795
GHSA: GHSA-x56v-x2h6-7j34
Severity: High
Exploit:

No technical information available.

CWEs:

CWE-78

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
@anthropic-ai / claude-code	-	1.0.20

https://github.com/anthropics/claude-code/security/advisories/GHSA-x56v-x2h6-7j34

Vulnerability Database

CVE-2025-54795