CVE-2025-59041
EPSS 0.40%

Claude Code vulnerable to arbitrary code execution caused by maliciously configured git email
Description
At startup, Claude Code constructed a shell command that interpolated the value of `git config user.email` from the current workspace. If an attacker controlled the repository’s Git config (e.g., via a malicious `.git/config`) and set `user.email` to a crafted payload, the unescaped interpolation could trigger arbitrary command execution **before** the user accepted the workspace-trust dialog. The issue affects versions prior to `1.0.105`. The fix in `1.0.105` avoids executing commands built from untrusted configuration and properly validates/escapes inputs.

* **Patches:** Update to `@anthropic-ai/claude-code` `1.0.105` or later.
* **Workarounds:** Open only trusted workspaces and inspect repository `.git/config` before launch; avoid inheriting untrusted Git configuration values.

> Thank you to the NVIDIA AI Red Team for reporting this issue!
Affected packages (1)
- npm/@anthropic-ai/claude-code: from 0, < 1.0.105
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |