CVE-2025-65099: Claude Code vulnerable to command execution prior to startup trust dialog

November 19, 2025 (updated November 27, 2025)

When running on a machine with Yarn 3.0 or above, Claude Code could have been tricked to execute code contained in a project via yarn plugins before the user accepted the startup trust dialog. Exploiting this would have required a user to start Claude Code in an untrusted directory running Yarn 3.0 or above.

Users on standard Claude Code auto-update will have received this fix automatically. Users performing manual updates are advised to update to the latest version.

Thank you to Benjamin Faller, Redguard AG and Michael Hess for reporting this issue!

References

github.com/advisories/GHSA-5hhx-v7f6-x7gv
github.com/anthropics/claude-code
github.com/anthropics/claude-code/security/advisories/GHSA-5hhx-v7f6-x7gv
nvd.nist.gov/vuln/detail/CVE-2025-65099

Code Behaviors & Features

Detect and mitigate CVE-2025-65099 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →