GHSA-5hhx-v7f6-x7gv
Suggest an improvement- Source
- https://github.com/advisories/GHSA-5hhx-v7f6-x7gv
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/11/GHSA-5hhx-v7f6-x7gv/GHSA-5hhx-v7f6-x7gv.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-5hhx-v7f6-x7gv
- Aliases
-
- CVE-2025-65099
- Published
- 2025-11-19T20:33:10Z
- Modified
- 2025-11-19T21:12:49.424297Z
- Severity
-
- 7.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- Claude Code vulnerable to command execution prior to startup trust dialog
- Details
-
When running on a machine with Yarn 3.0 or above, Claude Code could have been tricked to execute code contained in a project via yarn plugins before the user accepted the startup trust dialog. Exploiting this would have required a user to start Claude Code in an untrusted directory and to be using Yarn 3.0 or above.
Users on standard Claude Code auto-update will have received this fix automatically. Users performing manual updates are advised to update to the latest version.
Thank you to Benjamin Faller, Redguard AG and Michael Hess for reporting this issue!
- Database specific
{ "nvd_published_at": "2025-11-19T18:15:51Z", "github_reviewed": true, "cwe_ids": [ "CWE-94" ], "severity": "HIGH", "github_reviewed_at": "2025-11-19T20:33:10Z" }- References
Affected packages
npm / @anthropic-ai/claude-code
Package
- Name
- @anthropic-ai/claude-code
- View open source insights on deps.dev
- Purl
- pkg:npm/%40anthropic-ai/claude-code