CVE-2025-54794

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-54794

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-54794.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-54794

Aliases

GHSA-pmw4-pwvc-3hx2

Published

2025-08-05T00:08:13Z

Modified

2025-10-21T02:35:39Z

Severity

7.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVSS Calculator

Summary

Claude Code Research Preview has a Path Restriction Bypass which could allow unauthorized file access

Details

Claude Code is an agentic coding tool. In versions below 0.2.111, a path validation flaw using prefix matching instead of canonical path comparison, makes it possible to bypass directory restrictions and access files outside the CWD. Successful exploitation depends on the presence of (or ability to create) a directory with the same prefix as the CWD and the ability to add untrusted content into a Claude Code context window. This is fixed in version 0.2.111.

References

https://github.com/anthropics/claude-code/security/advisories/GHSA-pmw4-pwvc-3hx2

Affected packages

Git /

Affected ranges

Database specific

unresolved_versions

[
    {
        "type": "",
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "0.2.111"
            }
        ]
    }
]