cvelistv5 - cve-2025-59828

CVE-2025-59828 (GCVE-0-2025-59828)

Vulnerability from cvelistv5 – Published: 2025-09-24 19:30 – Updated: 2025-09-24 19:49

Summary

Claude Code is an agentic coding tool. Prior to Claude Code version 1.0.39, when using Claude Code with Yarn versions 2.0+, Yarn plugins are auto-executed when running yarn --version. This could lead to a bypass of the directory trust dialog in Claude Code, as plugins would be executed prior to the user accepting the risks of working in an untrusted directory. Users running Yarn Classic were unaffected by this issue. This issue has been fixed in version 1.0.39. Users on standard Claude Code auto-update will have received this fix automatically. Users performing manual updates are advised to update to the latest version.

Severity ?

7.7 (High)


                        
                          CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CWE

CWE-829 - Inclusion of Functionality from Untrusted Control Sphere
CWE-862 - Missing Authorization

Assigner

GitHub_M

References

URL

Tags

https://github.com/anthropics/claude-code/securit…

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	anthropics	claude-code	Affected: < 1.0.39

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-59828",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-24T19:48:56.366741Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-24T19:49:14.654Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "claude-code",
          "vendor": "anthropics",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.0.39"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Claude Code is an agentic coding tool. Prior to Claude Code version 1.0.39, when using Claude Code with Yarn versions 2.0+, Yarn plugins are auto-executed when running yarn --version. This could lead to a bypass of the directory trust dialog in Claude Code, as plugins would be executed prior to the user accepting the risks of working in an untrusted directory. Users running Yarn Classic were unaffected by this issue. This issue has been fixed in version 1.0.39. Users on standard Claude Code auto-update will have received this fix automatically. Users performing manual updates are advised to update to the latest version."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "PASSIVE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-829",
              "description": "CWE-829: Inclusion of Functionality from Untrusted Control Sphere",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-862",
              "description": "CWE-862: Missing Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-24T19:30:09.297Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/anthropics/claude-code/security/advisories/GHSA-2jjv-qf24-vfm4",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/anthropics/claude-code/security/advisories/GHSA-2jjv-qf24-vfm4"
        }
      ],
      "source": {
        "advisory": "GHSA-2jjv-qf24-vfm4",
        "discovery": "UNKNOWN"
      },
      "title": "Claude Code Vulnerable to Arbitrary Code Execution via Plugin Autoloading with Specific Yarn Versions"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-59828",
    "datePublished": "2025-09-24T19:30:09.297Z",
    "dateReserved": "2025-09-22T14:34:03.470Z",
    "dateUpdated": "2025-09-24T19:49:14.654Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-59828\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2025-09-24T20:15:33.527\",\"lastModified\":\"2025-11-26T17:01:17.137\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Claude Code is an agentic coding tool. Prior to Claude Code version 1.0.39, when using Claude Code with Yarn versions 2.0+, Yarn plugins are auto-executed when running yarn --version. This could lead to a bypass of the directory trust dialog in Claude Code, as plugins would be executed prior to the user accepting the risks of working in an untrusted directory. Users running Yarn Classic were unaffected by this issue. This issue has been fixed in version 1.0.39. Users on standard Claude Code auto-update will have received this fix automatically. Users performing manual updates are advised to update to the latest version.\"},{\"lang\":\"es\",\"value\":\"Claude Code es una herramienta de codificaci\u00f3n ag\u00e9ntica. Antes de la versi\u00f3n 1.0.39 de Claude Code, al usar Claude Code con versiones 2.0+ de Yarn, los plugins de Yarn se auto-ejecutan al ejecutar yarn --version. Esto podr\u00eda llevar a una omisi\u00f3n del di\u00e1logo de confianza de directorio en Claude Code, ya que los plugins se ejecutar\u00edan antes de que el usuario aceptara los riesgos de trabajar en un directorio no confiable. Los usuarios que ejecutaban Yarn Classic no se vieron afectados por este problema. Este problema ha sido corregido en la versi\u00f3n 1.0.39. Los usuarios con la actualizaci\u00f3n autom\u00e1tica est\u00e1ndar de Claude Code habr\u00e1n recibido esta correcci\u00f3n autom\u00e1ticamente. A los usuarios que realizan actualizaciones manuales se les aconseja actualizar a la \u00faltima versi\u00f3n.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":7.7,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"PRESENT\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"PASSIVE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-829\"},{\"lang\":\"en\",\"value\":\"CWE-862\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:anthropic:claude_code:*:*:*:*:*:node.js:*:*\",\"versionEndExcluding\":\"1.0.39\",\"matchCriteriaId\":\"F9319590-C852-4610-84AB-311B721A4554\"}]}]}],\"references\":[{\"url\":\"https://github.com/anthropics/claude-code/security/advisories/GHSA-2jjv-qf24-vfm4\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"cna\": {\"title\": \"Claude Code Vulnerable to Arbitrary Code Execution via Plugin Autoloading with Specific Yarn Versions\", \"problemTypes\": [{\"descriptions\": [{\"cweId\": \"CWE-829\", \"lang\": \"en\", \"description\": \"CWE-829: Inclusion of Functionality from Untrusted Control Sphere\", \"type\": \"CWE\"}]}, {\"descriptions\": [{\"cweId\": \"CWE-862\", \"lang\": \"en\", \"description\": \"CWE-862: Missing Authorization\", \"type\": \"CWE\"}]}], \"metrics\": [{\"cvssV4_0\": {\"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"PRESENT\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"PASSIVE\", \"vulnConfidentialityImpact\": \"HIGH\", \"vulnIntegrityImpact\": \"HIGH\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"NONE\", \"baseScore\": 7.7, \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N\", \"version\": \"4.0\"}}], \"references\": [{\"name\": \"https://github.com/anthropics/claude-code/security/advisories/GHSA-2jjv-qf24-vfm4\", \"tags\": [\"x_refsource_CONFIRM\"], \"url\": \"https://github.com/anthropics/claude-code/security/advisories/GHSA-2jjv-qf24-vfm4\"}], \"affected\": [{\"vendor\": \"anthropics\", \"product\": \"claude-code\", \"versions\": [{\"version\": \"\u003c 1.0.39\", \"status\": \"affected\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2025-09-24T19:30:09.297Z\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Claude Code is an agentic coding tool. Prior to Claude Code version 1.0.39, when using Claude Code with Yarn versions 2.0+, Yarn plugins are auto-executed when running yarn --version. This could lead to a bypass of the directory trust dialog in Claude Code, as plugins would be executed prior to the user accepting the risks of working in an untrusted directory. Users running Yarn Classic were unaffected by this issue. This issue has been fixed in version 1.0.39. Users on standard Claude Code auto-update will have received this fix automatically. Users performing manual updates are advised to update to the latest version.\"}], \"source\": {\"advisory\": \"GHSA-2jjv-qf24-vfm4\", \"discovery\": \"UNKNOWN\"}}, \"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-59828\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-09-24T19:48:56.366741Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-09-24T19:49:05.394Z\"}}]}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-59828\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"state\": \"PUBLISHED\", \"assignerShortName\": \"GitHub_M\", \"dateReserved\": \"2025-09-22T14:34:03.470Z\", \"datePublished\": \"2025-09-24T19:30:09.297Z\", \"dateUpdated\": \"2025-09-24T19:49:14.654Z\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

GHSA-2JJV-QF24-VFM4

Vulnerability from github – Published: 2025-09-24 18:57 – Updated: 2025-11-27 09:05

Summary

Claude Code Vulnerable to Arbitrary Code Execution via Plugin Autoloading with Specific Yarn Versions

Details

Summary

In Claude Code versions prior to 1.0.39, when the tool is used with Yarn 2.x or newer (Berry), Yarn plugins are automatically loaded and executed when running yarn --version. In Claude Code this sequence could execute plugin code before the user accepts the directory trust prompt for an untrusted workspace, resulting in a potential arbitrary code execution path.

Yarn Classic (v1) is not affected. The issue is fixed in 1.0.39.

Impact

An attacker who can influence the project directory to include or reference a malicious Yarn plugin, or who can otherwise cause plugin execution in an untrusted directory, may achieve code execution on the machine where Claude Code is invoked. The vulnerability compromises the confidentiality, integrity and availability of the vulnerable host process.

Remediation

Update Claude Code to 1.0.39 or later. Users on auto-update channels receive the fix automatically; manual installations should upgrade explicitly. As defense in depth, avoid running Yarn in untrusted directories and prefer Yarn Classic when plugin functionality is not required.

Background

Yarn 2+ supports a plugin architecture in which plugins are loaded at runtime and can inject behavior into Yarn commands; this capability underpins the observed auto-execution on yarn --version.

Thank you to https://hackerone.com/michel_ for reporting this issue!

Severity ?

7.7 (High)


                  
                    CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "@anthropic-ai/claude-code"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.0.39"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-59828"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-829",
      "CWE-862"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-09-24T18:57:44Z",
    "nvd_published_at": "2025-09-24T20:15:33Z",
    "severity": "HIGH"
  },
  "details": "### Summary\n\nIn Claude Code versions prior to **1.0.39**, when the tool is used with **Yarn 2.x or newer (Berry)**, Yarn plugins are automatically loaded and executed when running `yarn --version`. In Claude Code this sequence could execute plugin code before the user accepts the directory trust prompt for an untrusted workspace, resulting in a potential arbitrary code execution path. \n\n**Yarn Classic (v1)** is not affected. The issue is fixed in **1.0.39**.\n\n### Impact\n\nAn attacker who can influence the project directory to include or reference a malicious Yarn plugin, or who can otherwise cause plugin execution in an untrusted directory, may achieve code execution on the machine where Claude Code is invoked. The vulnerability compromises the confidentiality, integrity and availability of the vulnerable host process.\n\n### Remediation\n\nUpdate Claude Code to **1.0.39** or later. Users on auto-update channels receive the fix automatically; manual installations should upgrade explicitly. As defense in depth, avoid running Yarn in untrusted directories and prefer Yarn Classic when plugin functionality is not required.\n\n### Background\n\nYarn 2+ supports a plugin architecture in which plugins are loaded at runtime and can inject behavior into Yarn commands; this capability underpins the observed auto-execution on `yarn --version`.\n\n---\n\n\u003e Thank you to https://hackerone.com/michel_ for reporting this issue!",
  "id": "GHSA-2jjv-qf24-vfm4",
  "modified": "2025-11-27T09:05:06Z",
  "published": "2025-09-24T18:57:44Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/anthropics/claude-code/security/advisories/GHSA-2jjv-qf24-vfm4"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59828"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/anthropics/claude-code"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/GHSA-2jjv-qf24-vfm4"
    },
    {
      "type": "WEB",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59828"
    },
    {
      "type": "WEB",
      "url": "https://yarnpkg.com/advanced/plugin-tutorial"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Claude Code Vulnerable to Arbitrary Code Execution via Plugin Autoloading with Specific Yarn Versions"
}

FKIE_CVE-2025-59828

Vulnerability from fkie_nvd - Published: 2025-09-24 20:15 - Updated: 2025-11-26 17:01

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	security-advisories@github.com	https://github.com/anthropics/claude-code/security/advisories/GHSA-2jjv-qf24-vfm4	Third Party Advisory

Impacted products

	Vendor	Product	Version
	anthropic	claude_code	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:anthropic:claude_code:*:*:*:*:*:node.js:*:*",
              "matchCriteriaId": "F9319590-C852-4610-84AB-311B721A4554",
              "versionEndExcluding": "1.0.39",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Claude Code is an agentic coding tool. Prior to Claude Code version 1.0.39, when using Claude Code with Yarn versions 2.0+, Yarn plugins are auto-executed when running yarn --version. This could lead to a bypass of the directory trust dialog in Claude Code, as plugins would be executed prior to the user accepting the risks of working in an untrusted directory. Users running Yarn Classic were unaffected by this issue. This issue has been fixed in version 1.0.39. Users on standard Claude Code auto-update will have received this fix automatically. Users performing manual updates are advised to update to the latest version."
    },
    {
      "lang": "es",
      "value": "Claude Code es una herramienta de codificaci\u00f3n ag\u00e9ntica. Antes de la versi\u00f3n 1.0.39 de Claude Code, al usar Claude Code con versiones 2.0+ de Yarn, los plugins de Yarn se auto-ejecutan al ejecutar yarn --version. Esto podr\u00eda llevar a una omisi\u00f3n del di\u00e1logo de confianza de directorio en Claude Code, ya que los plugins se ejecutar\u00edan antes de que el usuario aceptara los riesgos de trabajar en un directorio no confiable. Los usuarios que ejecutaban Yarn Classic no se vieron afectados por este problema. Este problema ha sido corregido en la versi\u00f3n 1.0.39. Los usuarios con la actualizaci\u00f3n autom\u00e1tica est\u00e1ndar de Claude Code habr\u00e1n recibido esta correcci\u00f3n autom\u00e1ticamente. A los usuarios que realizan actualizaciones manuales se les aconseja actualizar a la \u00faltima versi\u00f3n."
    }
  ],
  "id": "CVE-2025-59828",
  "lastModified": "2025-11-26T17:01:17.137",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ],
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "PRESENT",
          "attackVector": "NETWORK",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 7.7,
          "baseSeverity": "HIGH",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "NONE",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "NONE",
          "userInteraction": "PASSIVE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "HIGH",
          "vulnConfidentialityImpact": "HIGH",
          "vulnIntegrityImpact": "HIGH",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-09-24T20:15:33.527",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/anthropics/claude-code/security/advisories/GHSA-2jjv-qf24-vfm4"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-829"
        },
        {
          "lang": "en",
          "value": "CWE-862"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-59828 (GCVE-0-2025-59828)

GHSA-2JJV-QF24-VFM4

Summary

Impact

Remediation

Background

FKIE_CVE-2025-59828

Tags

Sightings

Nomenclature