High severityNVD Advisory· Published Nov 21, 2025· Updated Nov 24, 2025
@anthropic-ai/claude-code has Sed Command Validation Bypass that Allows Arbitrary File Writes
CVE-2025-64755
Description
Claude Code is an agentic coding tool. Prior to version 2.0.31, due to an error in sed command parsing, it was possible to bypass the Claude Code read-only validation and write to arbitrary files on the host system. This issue has been patched in version 2.0.31.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
@anthropic-ai/claude-codenpm | < 2.0.31 | 2.0.31 |
Affected products
1- Range: < 2.0.31
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- github.com/advisories/GHSA-7mv8-j34q-vp7qghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-64755ghsaADVISORY
- github.com/anthropics/claude-code/security/advisories/GHSA-7mv8-j34q-vp7qghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.