Claude Code Research Preview has a Path Restriction Bypass which...

7.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

Claude Code is an agentic coding tool. In versions below 0.2.111, a path validation flaw using prefix matching instead of canonical path comparison, makes it possible to bypass directory restrictions and access files outside the CWD. Successful exploitation depends on the presence of (or ability to create) a directory with the same prefix as the CWD and the ability to add untrusted content into a Claude Code context window. This is fixed in version 0.2.111.

Basic Information

ID CVE-2025-54794

Source GitHub_M

Published Aug 5, 2025 at 00:08

Modified Aug 5, 2025 at 14:17

Affected Product

Vendor anthropics

Product claude-code

Version < 0.2.111

Affected Versions anthropics claude-code < 0.2.111

CWE Classification

CWE-22

References

github.com /anthropics/claude-code/security/advisories/GHSA-pmw4-pwvc-3hx2

{
    "lastseen": "",
    "description": "Claude Code is an agentic coding tool. In versions below 0.2.111, a path validation flaw using prefix matching instead of canonical path comparison, makes it possible to bypass directory restrictions and access files outside the CWD. Successful exploitation depends on the presence of (or ability to create) a directory with the same prefix as the CWD and the ability to add untrusted content into a Claude Code context window. This is fixed in version 0.2.111.",
    "published": "2025-08-05T00:08:13.864Z",
    "modified": "2025-08-05T14:17:31.870Z",
    "type": "cve",
    "title": "Claude Code Research Preview has a Path Restriction Bypass which could allow unauthorized file access",
    "source": "GitHub_M",
    "references": "https://github.com/anthropics/claude-code/security/advisories/GHSA-pmw4-pwvc-3hx2",
    "id": "CVE-2025-54794",
    "bulletinFamily": "",
    "cwe": [
        "CWE-22"
    ],
    "cvelist": null,
    "sourceData": "anthropics claude-code < 0.2.111",
    "sourceHref": "",
    "cvss": {
        "score": 7.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "claude-code",
    "version": "< 0.2.111",
    "vendor": "anthropics",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Claude Code Research Preview has a Path Restriction Bypass which could allow unauthorized file access_CVE-2025-54794