CVE-2025-66032
Claude Code Command Validation Bypass Allows Arbitrary Code Execution
Description
Claude Code is an agentic coding tool. Prior to 1.0.93, due to errors in parsing shell commands related to $IFS and short CLI flags, it was possible to bypass the Claude Code read-only validation and trigger arbitrary code execution. Reliably exploiting this requires the ability to add untrusted content into a Claude Code context window. This vulnerability is fixed in 1.0.93.
INFO
Published Date: Dec. 3, 2025, 7:15 p.m.
Last Modified: Dec. 5, 2025, 4:29 p.m.
Remotely Exploitable: Yes
Source: [email protected]
Affected Products
The following products are affected by the CVE-2025-66032 vulnerability.
Even where cvefeed.io knows the exact affected versions of the products, that information is not represented in the table below.
CVSS Scores
| Version | Severity | Vector | Source |
|---|---|---|---|
| CVSS 3.1 | CRITICAL | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | [email protected] |
| CVSS 4.0 | HIGH | AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N | [email protected] |
Solution
- Update Claude Code to version 1.0.93.
- Review and sanitize shell command inputs.
- Validate untrusted content in context windows.
Public PoC/Exploit Available on GitHub
CVE-2025-66032 has 19 public PoCs/exploits available on GitHub.
Go to the Public Exploits tab to see the list.
References to Advisories, Solutions, and Tools
Here you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2025-66032.
| URL | Resource |
|---|---|
| https://github.com/anthropics/claude-code/security/advisories/GHSA-xq4m-mc3c-vvg3 | Vendor Advisory |
CWE - Common Weakness Enumeration
While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2025-66032 is associated with the following CWEs:
- CWE-77
Common Attack Pattern Enumeration and Classification (CAPEC)
CAPEC stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2025-66032 weaknesses.
We scan GitHub repositories to detect new proof-of-concept exploits. The following list is a collection of public exploits and proof-of-concepts that have been published on GitHub (sorted by most recently updated).
- A documentation-engineering showcase. This guide covers the complete path from getting started with Claude Code to mastering it, with production-grade templates, hands-on tutorials for agent workflows, and a large collection of learning resources (including quizzes and cheat sheets). Whether it is really the "ultimate guide" to Claude Code is up to you :)
- Touch ID confirmation for AI coding agents on macOS. Pair with sandboxes for defense-in-depth against prompt injection.
- Open Autonomous Coding-agent Baseline: a security framework for Claude Code autonomous mode. OWASP ASI 2026 and MITRE ATLAS mapped. Apache 2.0.
- Reusable security and quality scanning infrastructure for Terraform repositories and application code. Supports AWS, Azure, and GCP for Terraform code.
- Supply-chain security for Claude Code plugins: detects marketplace auto-updates and surfaces security-relevant diffs.
- Comprehensive analysis of Claude Code's architecture, engineering patterns, and hidden features, as revealed by the March 2026 npm source map leak.
- Stop trying to protect your .env from AI coding agents. Do this instead.
Results are limited to the first 15 repositories due to potential performance issues.
The following list contains news articles that mention the CVE-2025-66032 vulnerability anywhere in the article.
The following table lists the changes that have been made to the CVE-2025-66032 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
- Initial Analysis by [email protected] (Dec. 05, 2025)
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | CVSS V3.1 | | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Added | CPE Configuration | | OR *cpe:2.3:a:anthropic:claude_code:*:*:*:*:*:node.js:*:* versions up to (excluding) 1.0.93 |
| Added | Reference Type | | GitHub, Inc.: https://github.com/anthropics/claude-code/security/advisories/GHSA-xq4m-mc3c-vvg3 Types: Vendor Advisory |
- New CVE Received by [email protected] (Dec. 03, 2025)
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Description | | Claude Code is an agentic coding tool. Prior to 1.0.93, Due to errors in parsing shell commands related to $IFS and short CLI flags, it was possible to bypass the Claude Code read-only validation and trigger arbitrary code execution. Reliably exploiting this requires the ability to add untrusted content into a Claude Code context window. This vulnerability is fixed in 1.0.93. |
| Added | CVSS V4.0 | | AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| Added | CWE | | CWE-77 |
| Added | Reference | | https://github.com/anthropics/claude-code/security/advisories/GHSA-xq4m-mc3c-vvg3 |