High severityNVD Advisory· Published Oct 3, 2025· Updated Oct 3, 2025
Claude Code's startup trust dialog could lead to Command Execution attack
CVE-2025-59536
Description
Claude Code is an agentic coding tool. Versions before 1.0.111 were vulnerable to Code Injection due to a bug in the startup trust dialog implementation. Claude Code could be tricked to execute code contained in a project before the user accepted the startup trust dialog. Exploiting this requires a user to start Claude Code in an untrusted directory. Users on standard Claude Code auto-update will have received this fix automatically. Users performing manual updates are advised to update to the latest version. This issue is fixed in version 1.0.111.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
@anthropic-ai/claude-codenpm | < 1.0.111 | 1.0.111 |
Affected products
1- Range: < 1.0.111
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- github.com/advisories/GHSA-4fgq-fpq9-mr3gghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-59536ghsaADVISORY
- github.com/anthropics/claude-code/security/advisories/GHSA-4fgq-fpq9-mr3gghsax_refsource_CONFIRMWEB
News mentions
2- Anthropic response to 1-click pwn: Shouldn't have clicked 'ok'The Register Security · May 7, 2026
- 'TrustFall' Convention Exposes Claude Code Execution RiskDark Reading · May 7, 2026