AI description
CVE-2025-64755 refers to a vulnerability found in the Claude Code tool. It involves a sed command validation bypass that could allow an attacker to write to arbitrary files on the host system. This vulnerability is due to an error in how the sed command is parsed. The vulnerability affects versions of @anthropic-ai/claude-code prior to 2.0.31. Users who have automatic updates enabled will have received the fix automatically, while those performing manual updates are advised to update to the latest version.
- Description: Claude Code is an agentic coding tool. Prior to version 2.0.31, due to an error in sed command parsing, it was possible to bypass the Claude Code read-only validation and write to arbitrary files on the host system. This issue has been patched in version 2.0.31.
- Source: security-advisories@github.com
- NVD status: Analyzed
- Products: claude_code
CVSS 4.0
- Type: Secondary
- Base score: 8.7
- Impact score: -
- Exploitability score: -
- Vector string: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity: HIGH
CVSS 3.1
- Type: Primary
- Base score: 9.8
- Impact score: 5.9
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity: CRITICAL
- security-advisories@github.com: CWE-78
- Hype score: Not currently trending
😬Same Bug, New Victim Adam Chester disclosed a privilege escalation + RCE flaw in Claude Code no user approval needed, PoC already public (CVE-2025-64755). Reminder: AI dev tools run with your permissions. One bug = full machine access. https://t.co/N1Dh8HwOjH
@pridebit88
8 Jan 2026
70 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
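🚨AI turns insider! #ClaudeCode hit by high-severity vulnerability CVE-2025-64755: running a project with one click leads to "zero-click" privilege escalation! 🛑Severe consequences: assets wiped to zero, addresses banned by association. ✅ 【解币解忧】: risk relief 1️⃣ Lightning-fast interception: seize the golden window to block money laundering 2️⃣ 技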
@Crssrdnutrition
8 Jan 2026
4 Impressions
2 Retweets
3 Likes
0 Bookmarks
2 Replies
0 Quotes
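Serious Claude Code vulnerability (CVE-2025-64755) exploited, attacks targeting cryptocurrency users intensify ・A serious privilege escalation vulnerability in Claude Code (CVE-2025-64755) is being actively exploited ・ハッカーは当該の欠陥を利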
@cb_terminal
8 Jan 2026
4455 Impressions
8 Retweets
8 Likes
5 Bookmarks
0 Replies
5 Quotes
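Adam Chester found a privilege escalation and command execution vulnerability in Claude Code that allows command execution without user authorization. Vulnerability ID: CVE-2025-64755. The PoC is public. It is the same issue as the earlier one in Cursor; Cursor still hasn't fixed it? 🤣 https://t.co/3on927t41S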
@im23pds
7 Jan 2026
6103 Impressions
4 Retweets
15 Likes
7 Bookmarks
0 Replies
2 Quotes
SECURITY ALERT: CVE-2025-64755 Exploit Fix & Mitigation Guide Read more: https://t.co/GdutHOulxt #Cybersecurity #CVE https://t.co/dsPt7E1jwq
@SecReportCVE
20 Dec 2025
18 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
AI tooling and MCP servers are entering enterprises fast, often faster than security teams can assess the risks. During a recent engagement, @_xpn_ found a new Claude Code vuln (CVE-2025-64755) while exploring MCP abuse paths. 👀 Read the details ↓ https://t.co/UzugTlkTBI
@SpecterOps
21 Nov 2025
4639 Impressions
12 Retweets
40 Likes
25 Bookmarks
0 Replies
0 Quotes
New blog post is up exploring a vuln I found in Claude Code (CVE-2025-64755) allowing arbitrary file write without a consent prompt. New tech is always fun to explore, hopefully this post gives you some hints as to future research :) https://t.co/UiXp9XN5NA
@_xpn_
21 Nov 2025
44192 Impressions
52 Retweets
238 Likes
109 Bookmarks
5 Replies
3 Quotes
Got a @_xpn_ discovery, nice work CVE-2025-64755 @anthropic-ai/claude-code has Sed Command Validation Bypass that Allows Arbitrary File Writes https://t.co/PdAcgbnGr9
@N3mes1s
21 Nov 2025
22378 Impressions
7 Retweets
62 Likes
22 Bookmarks
3 Replies
3 Quotes
CVE-2025-64755 Claude Code is an agentic coding tool. Prior to version 2.0.31, due to an error in sed command parsing, it was possible to bypass the Claude Code read-only validation… https://t.co/cOgx2mRyJN
@CVEnew
21 Nov 2025
232 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:anthropic:claude_code:*:*:*:*:*:node.js:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6E0A418C-AA00-43D0-A71B-A858648E3B02",
            "versionEndExcluding": "2.0.31"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]