GHSA-qxfv-fcpc-w36x

Suggest an improvement
Source
https://github.com/advisories/GHSA-qxfv-fcpc-w36x
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/09/GHSA-qxfv-fcpc-w36x/GHSA-qxfv-fcpc-w36x.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-qxfv-fcpc-w36x
Aliases
  • CVE-2025-58764
Published
2025-09-10T17:10:42Z
Modified
2025-09-10T21:14:12Z
Severity
  • 8.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVSS Calculator
Summary
Claude Code rg vulnerability does not protect against approval prompt bypass
Details

Due to an error in command parsing, it was possible to bypass the Claude Code confirmation prompt to trigger execution of an untrusted command. Reliably exploiting this requires the ability to add untrusted content into a Claude Code context window.

Users on standard Claude Code auto-update will have received this fix automatically. Users performing manual updates are advised to update to the latest version.

Thank you to the NVIDIA AI Red Team for reporting this issue!

Database specific 
{
    "cwe_ids": [
        "CWE-94"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-09-10T17:10:42Z",
    "nvd_published_at": "2025-09-10T16:15:40Z",
    "severity": "HIGH"
}
References

Affected packages

npm / @anthropic-ai/claude-code

Package

Name
@anthropic-ai/claude-code
View open source insights on deps.dev
Purl
pkg:npm/%40anthropic-ai/claude-code

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.0.105

Database specific

source 
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/09/GHSA-qxfv-fcpc-w36x/GHSA-qxfv-fcpc-w36x.json"