CVE-2025-64755: Claude Code is an agentic coding tool. Prior to version 2.0.31, due to an error in sed command parsing, it was possible
criticalvulnerability
security
Summary
Claude Code is an agentic coding tool (a program that can write code automatically) that had a vulnerability before version 2.0.31 where a mistake in how it parsed sed commands (a tool for editing text) allowed attackers to bypass safety checks and write files anywhere on a computer system. This vulnerability has been fixed.
Solution / Mitigation
Update to version 2.0.31 or later. The issue has been patched in version 2.0.31.
Vulnerability Details
CVSS Score
9.8(critical)
EPSS (30-day exploit probability)
EPSS: 0.1%
Classification
Attack Type
Other
Attack SophisticationModerate
Impact (CIA+S)
integrityavailability
Affected Vendors
Anthropic
Related Issues
Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-64755
First tracked: February 15, 2026 at 08:52 PM
Classified by LLM (prompt v3) · confidence: 92%