CVE-2025-54795: Claude Code is an agentic coding tool. In versions below 1.0.20, an error in command parsing makes it possible to bypass
criticalvulnerabilityLLM-Specific
security
Summary
Claude Code is an agentic coding tool (software that can automatically write and execute code). In versions before 1.0.20, a flaw in how the tool parses commands allows attackers to skip the confirmation prompt that normally protects users before running untrusted code. Exploiting this requires the attacker to insert malicious content into Claude Code's input.
Solution / Mitigation
This is fixed in version 1.0.20. Users should update Claude Code to version 1.0.20 or later.
Vulnerability Details
CVSS Score
9.8(critical)
EPSS (30-day exploit probability)
EPSS: 0.1%
Classification
Attack Type
Prompt Injection
Attack SophisticationModerate
Impact (CIA+S)
integrityavailability
Affected Vendors
Anthropic
Related Issues
Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-54795
First tracked: February 15, 2026 at 08:52 PM
Classified by LLM (prompt v3) · confidence: 92%