Claude Code <1.0.39: Yarn Plugin Auto-Exec Bypass Trust Dialog
CVE-2025-59828 Published on September 24, 2025
Claude Code Vulnerable to Arbitrary Code Execution via Plugin Autoloading with Specific Yarn Versions
Claude Code is an agentic coding tool. Prior to Claude Code version 1.0.39, when using Claude Code with Yarn versions 2.0+, Yarn plugins are auto-executed when running yarn --version. This could lead to a bypass of the directory trust dialog in Claude Code, as plugins would be executed prior to the user accepting the risks of working in an untrusted directory. Users running Yarn Classic were unaffected by this issue. This issue has been fixed in version 1.0.39. Users on standard Claude Code auto-update will have received this fix automatically. Users performing manual updates are advised to update to the latest version.
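The ordering problem described above, as an added example (not Claude Code's own code): a stdlib-only Python check that lists the project-controlled code Yarn 2.0+ would load on any command, including `yarn --version` (a top-level `yarnPath` or `plugins` entry in `.yarnrc.yml`, bundles under `.yarn/plugins` or `.yarn/releases`), and defers every yarn invocation until the directory trust dialog has been accepted. The function names, the line-based `.yarnrc.yml` parsing and the sample project are assumptions constructed here.

```python
import re
import tempfile
from pathlib import Path

# Top-level .yarnrc.yml keys that point Yarn Berry (2.0+) at project-supplied code.
EXECUTABLE_KEYS = ("yarnPath", "plugins")
# Directories where Yarn Berry keeps project-local plugin and release bundles.
EXECUTABLE_DIRS = (".yarn/plugins", ".yarn/releases")
CODE_SUFFIXES = (".cjs", ".js", ".mjs")


def project_executable_hooks(project_dir):
    """List project-controlled code Yarn 2+ would load on any command, even
    `yarn --version`. Yarn Classic ignores .yarnrc.yml, hence it was unaffected."""
    root = Path(project_dir)
    findings = []
    rc = root / ".yarnrc.yml"
    if rc.is_file():
        for line in rc.read_text(encoding="utf-8", errors="replace").splitlines():
            m = re.match(r"^([A-Za-z]+)\s*:", line)  # unindented key = top level
            if m and m.group(1) in EXECUTABLE_KEYS:
                findings.append(f".yarnrc.yml sets '{m.group(1)}'")
    for rel in EXECUTABLE_DIRS:
        d = root / rel
        if d.is_dir():
            for p in sorted(d.rglob("*")):
                if p.is_file() and p.suffix in CODE_SUFFIXES:
                    findings.append(p.relative_to(root).as_posix())
    return findings


def yarn_probe_decision(project_dir, trust_accepted):
    """Hardened ordering: the trust dialog gates every yarn invocation.
    Returns ('run', []) once trust is accepted, else ('defer', findings) so the
    UI can explain why probing yarn in this directory is not harmless."""
    if trust_accepted:
        return "run", []
    return "defer", project_executable_hooks(project_dir)


def demo():
    """Evaluate both trust states against a constructed sample project."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / ".yarn/plugins/@yarnpkg").mkdir(parents=True)
        (root / ".yarn/plugins/@yarnpkg/plugin-demo.cjs").write_text("// constructed\n")
        (root / ".yarnrc.yml").write_text(
            "yarnPath: .yarn/releases/yarn-berry.cjs\n"
            "plugins:\n  - path: .yarn/plugins/@yarnpkg/plugin-demo.cjs\n")
        return yarn_probe_decision(root, False), yarn_probe_decision(root, True)
```

`demo()` returns the deferred decision with its three findings for the untrusted state and `('run', [])` once trust is accepted; a directory with no Yarn Berry configuration yields no findings.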
Weakness Types
Inclusion of Functionality from Untrusted Control Sphere
The software imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere.
What is an AuthZ Vulnerability?
The software does not perform an authorization check when an actor attempts to access a resource or perform an action.
CVE-2025-59828 has been classified as an AuthZ vulnerability or weakness.
Products Associated with CVE-2025-59828
Affected Versions
anthropics claude-code Version < 1.0.39 is affected by CVE-2025-59828
Vulnerable Packages
The following package name and versions may be associated with CVE-2025-59828
| Package Manager | Vulnerable Package | Versions | Fixed In |
|---|---|---|---|
| npm | @anthropic-ai/claude-code | < 1.0.39 | 1.0.39 |
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.