CVE-2025-64755: @anthropic-ai/claude-code has Sed Command Validation Bypass that Allows Arbitrary File Writes

November 20, 2025 (updated November 21, 2025)

Due to an error in sed command parsing, it was possible to bypass the Claude Code read-only validation and write to arbitrary files on the host system.

Users on standard Claude Code auto-update will have received this fix automatically. Users performing manual updates are advised to update to the latest version.

Thank you to Adam Chester - SpecterOps for reporting this issue!

References

github.com/advisories/GHSA-7mv8-j34q-vp7q
github.com/anthropics/claude-code
github.com/anthropics/claude-code/security/advisories/GHSA-7mv8-j34q-vp7q
nvd.nist.gov/vuln/detail/CVE-2025-64755

Code Behaviors & Features

Detect and mitigate CVE-2025-64755 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →