CVE-2025-59828: Claude Code Vulnerable to Arbitrary Code Execution via Plugin Autoloading with Specific Yarn Versions
In Claude Code versions prior to 1.0.39, when the tool is used with Yarn 2.x or newer (Berry), Yarn plugins declared by the workspace are automatically loaded and executed whenever yarn runs, including for yarn --version. Because Claude Code invokes this command, plugin code could execute before the user has accepted the directory trust prompt for an untrusted workspace, giving a potential arbitrary code execution path. Yarn Classic (v1) is not affected. The issue is fixed in 1.0.39.
References
- github.com/advisories/GHSA-2jjv-qf24-vfm4
- github.com/anthropics/claude-code
- github.com/anthropics/claude-code/security/advisories/GHSA-2jjv-qf24-vfm4
- nvd.nist.gov/vuln/detail/CVE-2025-59828
- osv.dev/vulnerability/GHSA-2jjv-qf24-vfm4
- www.cve.org/CVERecord?id=CVE-2025-59828
- yarnpkg.com/advanced/plugin-tutorial