{"data":{"id":"f82e8fbf-0e4c-45cd-be2c-c7f66bd77f67","title":"CVE-2025-59041: Claude Code is an agentic coding tool. At startup, Claude Code executed a command templated in with `git config user.ema","summary":"Claude Code, an agentic coding tool (software that can write and execute code with some autonomy), had a vulnerability where a maliciously configured git user email could trigger arbitrary code execution (running unintended commands on a system) when the tool started up, before the user approved workspace access. This affected all versions before 1.0.105.","solution":"Update Claude Code to version 1.0.105 or the latest version. Users with automatic updates enabled will have received this fix automatically; those updating manually should upgrade to version 1.0.105 or newer.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2025-59041","publishedAt":"2025-09-10T16:15:41.503Z","cveId":"CVE-2025-59041","cweIds":["CWE-94"],"cvssScore":"9.8","cvssSeverity":"critical","severity":"critical","attackType":[],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["Anthropic"],"affectedVendorsRaw":["Claude Code","Anthropic"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00146,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-242"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","confidentiality","availability"],"aiComponentTargeted":"agent","llmSpecific":true,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}