{"data":{"id":"9a996049-434b-4b14-9d6d-862998ecdf7d","title":"CVE-2025-54795: Claude Code is an agentic coding tool. In versions below 1.0.20, an error in command parsing makes it possible to bypass","summary":"Claude Code is an agentic coding tool (software that can automatically write and execute code). In versions before 1.0.20, a flaw in how the tool parses commands allows attackers to skip the confirmation prompt that normally protects users before running untrusted code. Exploiting this requires the attacker to insert malicious content into Claude Code's input.","solution":"This is fixed in version 1.0.20. Users should update Claude Code to version 1.0.20 or later.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2025-54795","publishedAt":"2025-08-05T01:15:42.023Z","cveId":"CVE-2025-54795","cweIds":["CWE-78"],"cvssScore":"9.8","cvssSeverity":"critical","severity":"critical","attackType":["prompt_injection"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["Anthropic"],"affectedVendorsRaw":["Claude Code","Anthropic"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00075,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-88"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","availability"],"aiComponentTargeted":"agent","llmSpecific":true,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}