Critical severity9.8NVD Advisory· Published Sep 10, 2025· Updated Jun 17, 2026
CVE-2025-59041
CVE-2025-59041
Description
Claude Code is an agentic coding tool. At startup, Claude Code executed a command templated in with git config user.email. Prior to version 1.0.105, a maliciously configured user email in git could be used to trigger arbitrary code execution before a user accepted the workspace trust dialog. Users on standard Claude Code auto-update will have received this fix automatically. Users performing manual updates are advised to update to version 1.0.105 or the latest version.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
@anthropic-ai/claude-codenpm | < 1.0.105 | 1.0.105 |
Affected products
2- Range: < 1.0.105
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.