{"data":{"id":"d51c28ae-c31b-4fb9-940f-de7fd7c16624","title":"CVE-2025-59536: Claude Code is an agentic coding tool. Versions before 1.0.111 were vulnerable to Code Injection due to a bug in the sta","summary":"Claude Code (an AI tool that writes and runs code automatically) had a security flaw in versions before 1.0.111 where it could execute code from a project before the user confirmed they trusted the project. An attacker could exploit this by tricking a user into opening a malicious project directory.","solution":"Update Claude Code to version 1.0.111 or later. Users with auto-update enabled will have received this fix automatically; users performing manual updates should update to the latest version.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2025-59536","publishedAt":"2025-10-03T07:15:44.550Z","cveId":"CVE-2025-59536","cweIds":["CWE-94"],"cvssScore":"8.8","cvssSeverity":"high","severity":"high","attackType":[],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["Anthropic"],"affectedVendorsRaw":["Claude Code","Anthropic"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00039,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-242"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","confidentiality"],"aiComponentTargeted":"agent","llmSpecific":true,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}