CVE-2025-54794 is a high-severity path traversal vulnerability (CWE-22) found in the anthropics claude-code product, an agentic coding tool. The vulnerability affects versions prior to 0.2.111 and arises from improper pathname validation. Specifically, the software uses prefix matching instead of canonical path comparison to enforce directory restrictions. This flawed validation allows an attacker to bypass directory constraints and access files outside the current working directory (CWD). Successful exploitation requires two conditions: first, the presence or the ability to create a directory with the same prefix as the CWD; second, the ability to inject untrusted content into a Claude Code context window. This means an attacker can craft input that tricks the path validation logic into granting access to unauthorized files, potentially exposing sensitive information or enabling further attacks. The vulnerability does not require authentication but does require user interaction (UI:P) and has no scope change (SI:N). The CVSS 4.0 score is 7.7, reflecting high impact on confidentiality, integrity, and availability. The flaw was addressed in version 0.2.111 by correcting the path validation mechanism to use canonical path comparison, effectively preventing directory traversal attacks.

For European organizations using anthropics claude-code, this vulnerability poses a significant risk. Unauthorized file access can lead to exposure of sensitive corporate data, intellectual property, or personal data protected under GDPR. The ability to read or manipulate files outside the intended directory can also facilitate further compromise, such as privilege escalation or deployment of malicious payloads. Since the vulnerability requires injecting untrusted content into the application context, it is particularly dangerous in collaborative or multi-user environments where attackers might exploit user input vectors. The high impact on confidentiality, integrity, and availability means that exploitation could disrupt development workflows, leak proprietary code, or corrupt critical files. Given the increasing adoption of AI-assisted coding tools in European tech sectors, the threat could affect software development firms, research institutions, and enterprises relying on claude-code for automation or coding assistance.

European organizations should immediately upgrade anthropics claude-code to version 0.2.111 or later to remediate this vulnerability. Until upgrade is possible, restrict access to claude-code context windows to trusted users only and implement strict input validation and sanitization to prevent injection of malicious path content. Employ runtime monitoring to detect anomalous file access patterns indicative of path traversal attempts. Network segmentation and least privilege principles should be enforced to limit the impact of any potential exploitation. Additionally, organizations should audit existing deployments for unauthorized directory creation with prefixes matching the CWD and remove or isolate such directories. Security teams should also educate developers and users on the risks of injecting untrusted content into coding tools. Finally, integrating file integrity monitoring and endpoint detection can help identify exploitation attempts early.