CVE-2025-15060: claude-hovercraft executeClaudeCode Command Injection Remote Code Execution Vulnerability. This vulnerability allows rem
criticalvulnerabilityLLM-Specific
security
Summary
CVE-2025-15060 is a remote code execution vulnerability in claude-hovercraft that allows attackers to run arbitrary code without needing to log in. The flaw exists in the executeClaudeCode method, which fails to properly validate user input before using it in a system call (a request to run operating system commands), allowing attackers to inject malicious commands.
Vulnerability Details
EPSS (30-day exploit probability)
EPSS: 1.3%
Disclosure Date
March 16, 2026
Classification
Attack Type
Other
Attack SophisticationTrivial
Impact (CIA+S)
confidentialityintegrity
Taxonomy References
Affected Vendors
Anthropic
Related Issues
Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-15060
First tracked: March 16, 2026 at 12:07 PM
Classified by LLM (prompt v3) · confidence: 92%