CVE-2025-64755

EUVD-2025-198355
Claude Code is an agentic coding tool. Prior to version 2.0.31, due to an error in sed command parsing, it was possible to bypass the Claude Code read-only validation and write to arbitrary files on the host system. This issue has been patched in version 2.0.31.
OS Command Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 26%
Affected Products (NVD)
VendorProductVersion
anthropicclaude_code
𝑥
< 2.0.31
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/anthropics/claude-code/security/advisories/GHSA-7mv8-j34q-vp7q