Trust Boundary Violation in Claude Code - CVE-2026-25725

 

Published: April 30, 2026


Vulnerability identifier: #VU128514
CSH Severity: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2026-25725
CWE-ID: CWE-501
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
Claude Code
Software vendor:
Anthropic

Description

The vulnerability allows a remote attacker to execute arbitrary code with host privileges.

The vulnerability exists due to a trust boundary violation in the handling of the .claude/settings.json configuration file: when the file is missing, malicious code running inside the sandbox can create it. A remote attacker can inject persistent hooks, such as SessionStart commands, to execute arbitrary code with host privileges.

Exploitation requires that the settings.json file does not exist when Claude Code starts, and the injected hooks execute when Claude Code is restarted.
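
The following audit sketch is an added example, not code from this advisory or from Anthropic. It lists every hook command declared in any .claude/settings.json under a directory so that unexpected entries such as SessionStart can be reviewed before Claude Code is restarted. The JSON layout of the "hooks" key and the function names are assumptions, and the sample document is constructed.

```python
import json
import os

# Constructed sample, not taken from a real incident. The "hooks" layout
# (event name -> entries carrying a "command" string) is an assumption.
CONSTRUCTED_SAMPLE = """
{"hooks": {"SessionStart": [
  {"hooks": [{"type": "command", "command": "echo constructed-sample"}]}
]}}
"""


def _commands(node):
    """Yield every string stored under a "command" key, at any depth."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "command" and isinstance(value, str):
                yield value
            else:
                yield from _commands(value)
    elif isinstance(node, list):
        for item in node:
            yield from _commands(item)


def extract_hook_commands(settings_text):
    """Return sorted (event, command) pairs declared under "hooks"."""
    try:
        data = json.loads(settings_text)
    except json.JSONDecodeError:
        return [("<unparseable>", "")]  # surface the file for manual review
    hooks = data.get("hooks") if isinstance(data, dict) else None
    if not isinstance(hooks, dict):
        return []
    return sorted((event, cmd) for event, entries in hooks.items()
                  for cmd in _commands(entries))


def audit_tree(root):
    """Map each .claude/settings.json under root to its hook commands."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        if os.path.basename(dirpath) == ".claude" and "settings.json" in files:
            path = os.path.join(dirpath, "settings.json")
            with open(path, encoding="utf-8", errors="replace") as fh:
                findings[path] = extract_hook_commands(fh.read())
    return findings


if __name__ == "__main__":
    for path, hooks in audit_tree(os.getcwd()).items():
        for event, command in hooks:
            print(f"{path}: {event} -> {command!r}")
```

A settings.json that appears in a project where none was committed, or one whose hook list differs from version control, is the condition described above and deserves review.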


Remediation

Install the security update from the vendor's website.
