CVE-2025-58764 is a high-severity vulnerability classified under CWE-94 (Improper Control of Generation of Code, commonly known as Code Injection) affecting the Anthropics product 'Claude Code', an agentic coding tool. The vulnerability arises from an error in command parsing in versions prior to 1.0.105, which allows an attacker to bypass the tool's confirmation prompt and trigger execution of untrusted commands. This means that if an attacker can inject malicious content into the Claude Code context window, they can cause the tool to execute arbitrary code without user confirmation. The vulnerability does not require any privileges or authentication (AV:N/PR:N), but does require user interaction (UI:P) to exploit, such as the user opening or interacting with a maliciously crafted context. The impact on confidentiality, integrity, and availability is high (VC:H/VI:H/VA:H), indicating that successful exploitation could lead to full compromise of the affected system. The vulnerability is network exploitable (AV:N) and has a low attack complexity (AC:L), making it relatively easy to exploit remotely if the attacker can inject content. The vendor has addressed this issue in version 1.0.105, and users with auto-update enabled should already be protected. Manual updaters are advised to upgrade immediately. No known exploits are currently reported in the wild, but the high CVSS score (8.7) and the nature of the vulnerability suggest a significant risk if exploited. The lack of patch links in the provided data suggests users should consult official Anthropics channels for updates.

For European organizations, the impact of CVE-2025-58764 could be severe. Claude Code, as an agentic coding tool, is likely used in software development environments, potentially handling sensitive codebases and intellectual property. Exploitation could lead to unauthorized code execution, allowing attackers to inject malicious code, steal confidential data, disrupt development workflows, or pivot to other internal systems. This could compromise the integrity of software products, lead to data breaches, and cause operational downtime. Given the high impact on confidentiality, integrity, and availability, organizations could face regulatory consequences under GDPR if personal data is exposed. The requirement for user interaction means social engineering or phishing could be used to facilitate exploitation, increasing risk in environments where developers interact with untrusted sources or third-party code. The vulnerability's ease of exploitation and network accessibility heighten the threat landscape for European enterprises relying on Claude Code for development.

European organizations should immediately verify the version of Claude Code in use and ensure it is updated to version 1.0.105 or later. For environments where automatic updates are disabled, implement strict update policies to enforce timely patching. Additionally, restrict the ability to inject untrusted content into Claude Code context windows by controlling input sources and limiting integration with untrusted third-party tools or services. Employ network segmentation and endpoint protection to detect and block suspicious command execution attempts. Educate developers about the risks of interacting with untrusted code snippets or content within Claude Code to reduce the likelihood of social engineering exploitation. Implement monitoring and logging of code execution activities within Claude Code to detect anomalous behavior promptly. Finally, coordinate with Anthropics for any further security advisories and apply any subsequent patches or mitigations recommended by the vendor.