Claude Code <1.0.105: Confirm Prompt Bypass, Untrusted Cmd Exec
CVE-2025-58764 Published on September 10, 2025
Claude Code's rg command had a command injection flaw that allowed the user approval prompt for command execution to be bypassed
Claude Code is an agentic coding tool. Due to an error in command parsing, versions prior to 1.0.105 were vulnerable to a bypass of the Claude Code confirmation prompt to trigger execution of an untrusted command. Reliably exploiting this requires the ability to add untrusted content into a Claude Code context window. Users on standard Claude Code auto-update will have received this fix automatically. Users performing manual updates are advised to update to version 1.0.105 or the latest version.
Weakness Type
What is a Code Injection Vulnerability?
The software constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
CVE-2025-58764 has been classified as a Code Injection vulnerability or weakness.
Products Associated with CVE-2025-58764
Affected Versions
anthropics claude-code Version < 1.0.105 is affected by CVE-2025-58764
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.