CNNVD-202508-285 Information

CNNVD ID

CNNVD-202508-285

Related CVE

CVE-2025-54794

• CNNVD Published: 2025-08-05

Description (Chinese)

Claude Code是Anthropic开源的一个代理编码工具。 Claude Code 0.2.111之前版本存在路径遍历漏洞，该漏洞源于路径验证使用前缀匹配而非规范路径比较，可能导致目录限制绕过。

Description (English)

Claude Code is a proxy coding tool for the Anthropic open source. There is a loophole in the path before Claude Code 0.2.111, which stems from the use of prefix matching instead of regular path comparisons for the path validation, which may result in the directory restriction being bypassed.

Hazard Level

High

Vulnerability Type

路径遍历

Affected Vendor

Anthropic

Published

2025-08-05

Last Modified

2026-02-24

References

https://github.com/anthropics/claude-code/security/advisories/GHSA-pmw4-pwvc-3hx2 https://access.redhat.com/security/cve/cve-2025-54794

Patch

https://github.com/anthropics/claude-code