Claude Code <1.0.111: Startup Trust Dialog Code Injection
CVE-2025-59536 Published on October 3, 2025
A bug in Claude Code's startup trust dialog could lead to a command execution attack
Claude Code is an agentic coding tool. Versions before 1.0.111 were vulnerable to code injection due to a bug in the startup trust dialog implementation: Claude Code could be tricked into executing code contained in a project before the user had accepted the startup trust dialog, so the dialog did not actually gate what it was meant to gate. Exploiting this requires a user to start Claude Code in an untrusted directory, for example a freshly cloned repository or an unpacked archive whose contents have not been reviewed; until the fix is installed, that is the situation to avoid. Users on standard Claude Code auto-update will have received this fix automatically. Users performing manual updates are advised to update to the latest version. This issue is fixed in version 1.0.111.
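The class of bug described above, as an added illustration that is not Claude Code's source and not taken from the advisory: a CLI that reads project-local configuration (which can carry a command to run) during initialisation, and only then shows the trust dialog, beside the hardened ordering in which nothing from the directory is even parsed until the user has said yes. The config file name `.toolrc.json`, the `hooks.startup` key, the `askTrust` dialog callback and the sample project are all assumptions made for the example.

```javascript
// Hypothetical startup sequence illustrating the ordering flaw behind
// CVE-2025-59536. Added example code, not Claude Code's source: the file
// ".toolrc.json", the "hooks.startup" key and the dialog API are assumptions.

// Constructed sample: a project directory the attacker controls. The config it
// ships carries a command the tool runs at startup if it loads the file.
const UNTRUSTED_PROJECT = {
  path: "/tmp/untrusted-repo",
  files: {
    ".toolrc.json": JSON.stringify({
      hooks: { startup: "echo startup-hook-ran" },
    }),
  },
};

// Reads the project-local config. Even parsing is attacker-influenced input,
// so the hardened path defers this call until after the trust decision.
function loadProjectConfig(project) {
  const raw = project.files[".toolrc.json"];
  return raw ? JSON.parse(raw) : {};
}

// Hands the configured startup hook to the supplied executor.
function runStartupHook(config, exec) {
  const cmd = config.hooks && config.hooks.startup;
  if (typeof cmd === "string" && cmd.length > 0) exec(cmd);
}

// Vulnerable ordering: project config is loaded and its hook executed as part
// of initialisation; the trust dialog only appears afterwards. A user who
// declines has already run the attacker's command.
function startupVulnerable(project, askTrust, exec) {
  const config = loadProjectConfig(project);
  runStartupHook(config, exec);
  const trusted = askTrust(project.path) === true;
  return { trusted, config: trusted ? config : null };
}

// Hardened ordering: the trust decision comes first, and nothing from the
// directory is read until it is positive. Paths the user already trusted are
// remembered in trustStore so the dialog is not repeated on every launch.
function startupHardened(project, askTrust, exec, trustStore) {
  let trusted = trustStore.has(project.path);
  if (!trusted) {
    trusted = askTrust(project.path) === true;
    if (trusted) trustStore.add(project.path);
  }
  if (!trusted) return { trusted: false, config: null };
  const config = loadProjectConfig(project);
  runStartupHook(config, exec);
  return { trusted: true, config };
}

// Harness: simulate the user's answer to the dialog and record every command
// the startup path handed to the executor instead of really spawning it.
function simulate(startup, project, userAccepts) {
  const executed = [];
  const askTrust = () => userAccepts;
  const exec = (cmd) => executed.push(cmd);
  const result = startup(project, askTrust, exec, new Set());
  return { trusted: result.trusted, executed };
}

// Demo: a user who declines the dialog in the untrusted directory.
const declinedVulnerable = simulate(startupVulnerable, UNTRUSTED_PROJECT, false);
const declinedHardened = simulate(startupHardened, UNTRUSTED_PROJECT, false);
console.log("vulnerable, declined:", declinedVulnerable.executed); // [ 'echo startup-hook-ran' ]
console.log("hardened, declined:  ", declinedHardened.executed);   // []
```

The point of the harness is that the executor is injected: the test for this class of bug is "which commands reached `exec` before `askTrust` returned true", and that question can be asked of any startup path without spawning anything. The hardened variant also refuses to parse the project file before trust, since a parser fed attacker-controlled input is itself an attack surface.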
Weakness Type
What is a Code Injection Vulnerability?
The software constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
CVE-2025-59536 has been classified as a Code Injection weakness (the description above is that of CWE-94).
Products Associated with CVE-2025-59536
Affected Versions
Anthropic Claude Code (anthropics/claude-code) versions earlier than 1.0.111 are affected by CVE-2025-59536.
Vulnerable Packages
The following package and version range are associated with CVE-2025-59536:
| Package Manager | Vulnerable Package | Versions | Fixed In |
|---|---|---|---|
| npm | @anthropic-ai/claude-code | < 1.0.111 | 1.0.111 |
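An added audit helper for the range in the table above (example code, not part of the advisory or of Claude Code): it classifies a version string as inside or outside `< 1.0.111`, handling prerelease tags the way SemVer orders them, and pulls the installed version out of `npm ls -g --json --depth=0` output. The npm output below is constructed, and the assumption that the CLI itself reports a comparable version string is noted in the usage note.

```javascript
// Added audit helper, not part of the advisory or of Claude Code. Decides
// whether an installed @anthropic-ai/claude-code version falls in the affected
// range "< 1.0.111". The npm ls output below is a constructed sample.
const PACKAGE = "@anthropic-ai/claude-code";
const FIXED_VERSION = "1.0.111";

// Splits "v1.0.110-beta.2" into numeric core [1, 0, 110] and prerelease tag.
function parseVersion(v) {
  const s = String(v).trim().replace(/^v/, "");
  const dash = s.indexOf("-");
  const core = dash === -1 ? s : s.slice(0, dash);
  const prerelease = dash === -1 ? null : s.slice(dash + 1);
  const nums = core.split(".").map((n) => Number.parseInt(n, 10));
  if (nums.length !== 3 || nums.some(Number.isNaN)) {
    throw new Error(`unparseable version: ${v}`);
  }
  return { nums, prerelease };
}

// SemVer ordering for the cases that matter here: numeric core first, and a
// prerelease of X sorts before the X release (1.0.111-rc.1 < 1.0.111), so a
// prerelease of the fixed version is still reported as affected.
function compareVersions(a, b) {
  const pa = parseVersion(a);
  const pb = parseVersion(b);
  for (let i = 0; i < 3; i += 1) {
    if (pa.nums[i] !== pb.nums[i]) return pa.nums[i] < pb.nums[i] ? -1 : 1;
  }
  if (pa.prerelease === pb.prerelease) return 0;
  if (pa.prerelease === null) return 1;
  if (pb.prerelease === null) return -1;
  return pa.prerelease < pb.prerelease ? -1 : 1; // lexical tie-break is enough here
}

function isAffected(version) {
  return compareVersions(version, FIXED_VERSION) < 0;
}

// Extracts the installed version from `npm ls -g --json --depth=0` output,
// which lists globally installed packages under "dependencies".
function installedVersionFromNpmLs(json) {
  const tree = typeof json === "string" ? JSON.parse(json) : json;
  const dep = tree.dependencies && tree.dependencies[PACKAGE];
  return dep && typeof dep.version === "string" ? dep.version : null;
}

function auditNpmLs(json) {
  const version = installedVersionFromNpmLs(json);
  if (version === null) return { installed: false, version: null, affected: false };
  return { installed: true, version, affected: isAffected(version) };
}

// Constructed sample of `npm ls -g --json --depth=0` on a stale global install.
const SAMPLE_NPM_LS = JSON.stringify({
  name: "lib",
  dependencies: { [PACKAGE]: { version: "1.0.98" } },
});

console.log(auditNpmLs(SAMPLE_NPM_LS)); // { installed: true, version: '1.0.98', affected: true }
```

In practice, pipe real `npm ls -g --json --depth=0` output into `auditNpmLs`, and repeat for any per-user or per-project installs the global tree does not show. If the CLI prints its own version (a `claude --version` flag is assumed here, not confirmed by the page), the printed string can be passed straight to `isAffected`.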
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.