216.73.217.19

CVE-2025-65099

· Published 19/11/2025 18:15 · Modified 25/11/2025 19:32

Labels: CVE-2025-65099 2025-11-19CVE-2025-65099CWE-94[email protected]

Essential information

Published
19/11/2025 18:15
Modified
25/11/2025 19:32
Author
Creator
CVSS
7.7 HIGH (v3) 7.7 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

Claude Code is an agentic coding tool. Prior to version 1.0.39, when running on a machine with Yarn 3.0 or above, Claude Code could have been tricked to execute code contained in a project via yarn plugins before the user accepted the startup trust dialog. Exploiting this would have required a user to start Claude Code in an untrusted directory and to be using Yarn 3.0 or above. This issue has been patched in version 1.0.39.

NVD status

Status
Analyzed — CVE has had analysis completed and all data associations made.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
anthropic / claude code cpe:2.3:a:anthropic:claude_code:*:*:*:*:*:node.js:*:*

References