CNNVD-202508-287 Information

CNNVD ID

CNNVD-202508-287

Related CVE

CVE-2025-54795

• CNNVD Published: 2025-08-05

Description (Chinese)

Claude Code是Anthropic开源的一个代理编码工具。 Claude Code 1.0.20之前版本存在操作系统命令注入漏洞，该漏洞源于命令解析错误，可能导致未经确认执行不受信任的命令。

Description (English)

Claude Code is a proxy coding tool for the Anthropic open source. Before Claude Code 1.0.20, there was a gap in the OS command, which resulted from an error in command resolution and could lead to unconfirmed execution of untrustworthy orders.

Hazard Level

High

Vulnerability Type

操作系统命令注入

Affected Vendor

Anthropic

Published

2025-08-05

Last Modified

2026-02-24

References

https://github.com/anthropics/claude-code/security/advisories/GHSA-x56v-x2h6-7j34 https://access.redhat.com/security/cve/cve-2025-54795

Patch

https://github.com/anthropics/claude-code