VYPR
High severityNVD Advisory· Published Nov 21, 2025· Updated Nov 24, 2025

@anthropic-ai/claude-code has Sed Command Validation Bypass that Allows Arbitrary File Writes

CVE-2025-64755

Description

Claude Code is an agentic coding tool. Prior to version 2.0.31, due to an error in sed command parsing, it was possible to bypass the Claude Code read-only validation and write to arbitrary files on the host system. This issue has been patched in version 2.0.31.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
@anthropic-ai/claude-codenpm
< 2.0.312.0.31

Affected products

2

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.