AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2025-59829: Claude Code is an agentic coding tool. Versions below 1.0.120 failed to account for symlinks when checking permission de

mediumvulnerabilityLLM-Specific

security

Source: NVD/CVE DatabaseOctober 3, 2025CVE-2025-59829

Summary

Claude Code versions before 1.0.120 had a security flaw where it could bypass file access restrictions by following symlinks (shortcuts that point to other files). Even if a user blocked Claude Code from accessing a file, the tool could still read it if there was a symlink pointing to that blocked file.

Solution / Mitigation

Update Claude Code to version 1.0.120 or later. Users with automatic updates enabled will have received this fix automatically; users updating manually should upgrade to the latest version.

Vulnerability Details

CVSS Score

6.5(medium)

EPSS (30-day exploit probability)

EPSS: 0.0%

Classification

Attack Type

Other

Attack SophisticationModerate

Impact (CIA+S)

integrityconfidentiality

Taxonomy References

CWE (Weakness Type)

CWE-61

Affected Vendors

Anthropic

Related Issues

high

Anthropic accuses Chinese AI labs of mining Claude as US debates AI chip exports

Same vendorTechCrunch

high

CVE-2022-21727: Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulne

First tracked: February 15, 2026 at 08:52 PM

Classified by LLM (prompt v3) · confidence: 92%