CVE-2025-65099

CRITICAL

Anthropic Claude Code < 1.0.39 - Code Injection

Title source: rule

Description

Claude Code is an agentic coding tool. Prior to version 1.0.39, when running on a machine with Yarn 3.0 or above, Claude Code could have been tricked to execute code contained in a project via yarn plugins before the user accepted the startup trust dialog. Exploiting this would have required a user to start Claude Code in an untrusted directory and to be using Yarn 3.0 or above. This issue has been patched in version 1.0.39.

Exploits (1)

nomisec WORKING POC

by b-faller · poc

https://github.com/b-faller/cve-2025-65099

View Code ZIP pw:eip

References (1)

[Third Party Advisory] https://github.com/anthropics/claude-code/security/advisories/GHSA-5hhx-v7f6-x7gv

Scores

CVSS v3 9.8

EPSS 0.0008

EPSS Percentile 22.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-94

Status published

Products (2)

anthropic/claude_code < 1.0.39

anthropic-ai/claude-code 0 - 1.0.39npm

Published Nov 19, 2025

Tracked Since Feb 18, 2026