AI description
CVE-2025-54794 is a path restriction bypass vulnerability affecting Claude Code versions below 0.2.111. It stems from a flaw in path validation that uses prefix matching instead of canonical path comparison. This allows attackers to bypass directory restrictions and gain unauthorized access to files outside the intended current working directory (CWD). Exploitation requires the presence of, or the ability to create, a directory with a prefix identical to the CWD, along with the capability to introduce untrusted content into a Claude Code context window. For example, if the working directory is `/tmp/allowed_dir`, creating `/tmp/allowed_dir_malicious` would pass the validation. This vulnerability has been fixed in version 0.2.111.
- Description
- Claude Code is an agentic coding tool. In versions below 0.2.111, a path validation flaw using prefix matching instead of canonical path comparison, makes it possible to bypass directory restrictions and access files outside the CWD. Successful exploitation depends on the presence of (or ability to create) a directory with the same prefix as the CWD and the ability to add untrusted content into a Claude Code context window. This is fixed in version 0.2.111.
- Source
- security-advisories@github.com
- NVD status
- Awaiting Analysis
CVSS 4.0
- Type
- Secondary
- Base score
- 7.7
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- HIGH
- security-advisories@github.com
- CWE-22
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
47
🚨 Critical AI Security Flaws Found in Anthropic's Claude Code 🚨 Two high-severity vulnerabilities — CVE-2025-54794 & CVE-2025-54795 — could let attackers escape sandbox restrictions & execute unauthorized commands. 🔍 What happened? CVE-2025-54794 (Path Bypa
@ScantistAI
5 Aug 2025
68 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
(CVE-2025-54794, CVE-2025-54795) in Anthropic's Claude Code allow unauthorized command execution. Remarkably, Claude helped craft exploits against its own security. AI's power can be turned against it via prompt crafting. #Cybersecurity #AI #ClaudeCode https://t.co/YOw8ge4Mvn
@exc_actual
5 Aug 2025
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Inverse How Claude Code Was Exploited Using Its Own #AI (#CVE-2025-54794 & #CVE-2025-54795) https://t.co/eR4rlBdrxz Educational Purposes!
@UndercodeUpdate
5 Aug 2025
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
AnthropicのAI開発支援ツール「Claude Code」に重大な脆弱性(CVE-2025-54794/54795)が発見された。 研究者Elad Beber氏が「逆プロンプト(InversePrompt)」手法を用いてClaude自身にその脆弱性を分析させる形で発見した。
@yousukezan
5 Aug 2025
48450 Impressions
121 Retweets
340 Likes
167 Bookmarks
0 Replies
6 Quotes
CVE-2025-54794 Path Traversal Vulnerability in Claude Code Versions Below 0.2.111 https://t.co/3HNoqURMRq
@VulmonFeeds
5 Aug 2025
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-54794 Claude Code is an agentic coding tool. In versions below 0.2.111, a path validation flaw using prefix matching instead of canonical path comparison, makes it possible… https://t.co/fT7Kx7oy7a
@CVEnew
5 Aug 2025
349 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes