CVE-2025-59536 | HIGH 8.8 | EPSS p97.9%


Description

Claude Code is an agentic coding tool. Versions before 1.0.111 were vulnerable to Code Injection due to a bug in the startup trust dialog implementation. Claude Code could be tricked to execute code contained in a project before the user accepted the startup trust dialog. Exploiting this requires a user to start Claude Code in an untrusted directory. Users on standard Claude Code auto-update will have received this fix automatically. Users performing manual updates are advised to update to the latest version. This issue is fixed in version 1.0.111.

Scoring

CVSS 3.1: 8.8 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 29.29% probability of exploitation · percentile 97.9% · scored 2026-06-18T12:00:27Z
Published: 2025-10-03
Last modified: 2025-10-23

Underlying weaknesses (1)

CWE-94

References

  1. https://github.com/anthropics/claude-code/security/advisories/GHSA-4fgq-fpq9-mr3g

Entities (1)

Type      | Target                                                          | Confidence | Tier
Weakness  | Improper Control of Generation of Code ('Code Injection'), cwe-94 | 0%         | live

Related by meaning (6)

Nearest entities by semantic similarity across the cs-graph corpus.

  - CVE: CVE-2025-58764
  - CVE: CVE-2025-54795
  - CVE: CVE-2025-66032
  - CVE: CVE-2025-65099
  - CVE: CVE-2025-54794
  - CVE: CVE-2025-59041

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.