CVE-2025-54795

CRITICAL

Anthropic Claude Code < 1.0.20 - OS Command Injection

Title source: rule

Description

Claude Code is an agentic coding tool. In versions below 1.0.20, an error in command parsing makes it possible to bypass the Claude Code confirmation prompt to trigger execution of an untrusted command. Reliably exploiting this requires the ability to add untrusted content into a Claude Code context window. This is fixed in version 1.0.20.

Exploits (2)

nomisec WORKING POC

by dial481 · poc

https://github.com/dial481/ralph

View Code ZIP pw:eip

nomisec WORKING POC

by alonisser · poc

https://github.com/alonisser/ralph

View Code ZIP pw:eip

References (1)

[Vendor Advisory] https://github.com/anthropics/claude-code/security/advisories/GHSA-x56v-x2h6-7j34

Scores

CVSS v3 9.8

EPSS 0.0016

EPSS Percentile 37.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-78

Status published

Products (2)

anthropic/claude_code < 1.0.20

anthropic-ai/claude-code 0 - 1.0.20npm

Published Aug 05, 2025

Tracked Since Feb 18, 2026