{"data":{"id":"b6a910f8-573f-4aae-b315-8ff383f72930","title":"CVE-2025-15060: claude-hovercraft executeClaudeCode Command Injection Remote Code Execution Vulnerability. This vulnerability allows rem","summary":"CVE-2025-15060 is a remote code execution vulnerability in claude-hovercraft that allows attackers to run arbitrary code without needing to log in. The flaw exists in the executeClaudeCode method, which fails to properly validate user input before using it in a system call (a request to run operating system commands), allowing attackers to inject malicious commands.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2025-15060","publishedAt":"2026-03-16T14:17:55.780Z","cveId":"CVE-2025-15060","cweIds":["CWE-78"],"cvssScore":null,"cvssSeverity":null,"severity":"critical","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["Anthropic"],"affectedVendorsRaw":["claude-hovercraft","Anthropic Claude"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.01346,"patchAvailable":null,"disclosureDate":"2026-03-16T14:17:55.780Z","capecIds":["CAPEC-88"],"crossRefCount":0,"attackSophistication":"trivial","impactType":["confidentiality","integrity","availability"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":["AML.T0010"]}}