
Cybersecurity researcher Elad Beber of Cymulate has uncovered two critical flaws in Anthropic’s Claude Code AI development assistant, CVE-2025-54794 and CVE-2025-54795, that could allow attackers to bypass safeguards and execute unauthorized commands. Both have since been patched by Anthropic.
The vulnerabilities were identified using an “inverse prompting” approach, where Claude itself was manipulated to reveal details of its own security mechanisms.
CVE-2025-54794 (CVSS 7.7) is a path traversal flaw in Claude Code’s sandboxing. Due to weak prefix-based validation, attackers could craft directories mimicking legitimate ones (e.g., /claude code evil) to escape the restricted working directory. Combined with symbolic links, this could grant full filesystem access.
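To make the prefix weakness concrete, here is an added example (not Claude Code's own code, and not from the original article) that puts a string-prefix check beside a canonicalizing, component-aware one. The function names and the project / project_evil directory layout are hypothetical and constructed for the demo.

```javascript
const fs = require('fs');
const os = require('os');
const path = require('path');
// Weak check of the kind described above: a plain string-prefix comparison.
function isInsidePrefix(root, candidate) {
  return path.resolve(candidate).startsWith(path.resolve(root));
}
// Resolve symlinks on the deepest existing ancestor, so a path that does not
// exist yet (a file about to be created) is still checked against the root.
function realpathAllowMissing(p) {
  const tail = [];
  for (let cur = path.resolve(p); ; ) {
    try {
      return path.join(fs.realpathSync(cur), ...tail);
    } catch (err) {
      if (err.code !== 'ENOENT') throw err;
      // A dangling symlink also yields ENOENT; refuse it instead of
      // treating the link name as an ordinary missing file.
      const st = fs.lstatSync(cur, { throwIfNoEntry: false });
      if (st && st.isSymbolicLink()) throw new Error('dangling symlink: ' + cur);
      const parent = path.dirname(cur);
      if (parent === cur) throw err;
      tail.unshift(path.basename(cur));
      cur = parent;
    }
  }
}
// Hardened check: canonicalize both sides, then compare whole path components.
function isInsideCanonical(root, candidate) {
  const rel = path.relative(fs.realpathSync(root), realpathAllowMissing(candidate));
  const escapes = rel === '..' || rel.startsWith('..' + path.sep) || path.isAbsolute(rel);
  return !escapes;
}
// Constructed layout in a temp dir: <base>/project is the allowed root,
// <base>/project_evil shares its prefix, <base>/project/link points outside.
function demo() {
  const base = fs.realpathSync(fs.mkdtempSync(path.join(os.tmpdir(), 'prefix-demo-')));
  const root = path.join(base, 'project');
  const sibling = path.join(base, 'project_evil');
  fs.mkdirSync(path.join(root, 'src'), { recursive: true });
  fs.mkdirSync(sibling);
  fs.symlinkSync(sibling, path.join(root, 'link'), 'dir');
  const cases = {
    inside: path.join(root, 'src', 'new.js'),
    sibling: path.join(sibling, 'notes.txt'),
    viaSymlink: path.join(root, 'link', 'notes.txt'),
  };
  // Each result is [prefixCheck, canonicalCheck].
  const out = Object.fromEntries(Object.entries(cases).map(
    ([name, p]) => [name, [isInsidePrefix(root, p), isInsideCanonical(root, p)]]));
  fs.rmSync(base, { recursive: true, force: true });
  return out;
}
console.log(demo());
```

The prefix check accepts all three paths, while the canonical check accepts only the one that really sits under the root. A check like this is still subject to races between validation and use, so it belongs alongside OS-level sandboxing rather than in place of it.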
CVE-2025-54795 (CVSS 8.7) is a command injection vulnerability that abuses the whitelisted echo command. By embedding shell commands inside permitted operations (e.g., echo "\"; <COMMAND>; echo \""), attackers could run arbitrary code without triggering approval prompts, potentially escalating privileges.
Both flaws were patched in Claude Code v0.2.111 and v1.0.20.
The findings highlight the unique risks in AI-powered development tools, where the same AI enforcing restrictions can be exploited to bypass them, underscoring the need for rigorous validation and secure sandboxing.
The discovery of CVE-2025-54794 and CVE-2025-54795 in Claude Code highlights how AI-powered development assistants can become double-edged swords — offering productivity gains while introducing new, AI-specific attack surfaces. As these tools handle increasingly sensitive coding tasks, flaws in sandboxing or command execution logic can be exploited in ways traditional software security models may not anticipate. This incident reinforces the critical need for continuous red-teaming, strict input validation, and defense-in-depth strategies when deploying AI in developer environments.
Source link — https://cyberpress.org/security-flaw-in-claude/