CVE-2025-58764 is a high-severity vulnerability classified under CWE-94, indicating improper control of code generation, commonly known as code injection. This vulnerability affects the Anthropics product 'Claude Code,' an agentic coding tool designed to assist users in generating and executing code. The flaw exists in versions prior to 1.0.105 due to an error in the command parsing logic. Specifically, this error allows an attacker to bypass the confirmation prompt that normally guards against the execution of untrusted commands. By exploiting this bypass, an attacker can trigger the execution of arbitrary commands within the Claude Code environment without user consent. Exploitation requires the attacker to be able to inject untrusted content into a Claude Code context window, which implies some level of interaction or content insertion capability within the application environment. The vulnerability has a CVSS 4.0 base score of 8.7, reflecting its high severity, with attack vector being network-based (AV:N), low attack complexity (AC:L), no privileges required (PR:N), but requiring user interaction (UI:P). The impact on confidentiality, integrity, and availability is high (VC:H, VI:H, VA:H), indicating that successful exploitation can lead to full compromise of the affected system. The vulnerability was published on September 10, 2025, and fixed in version 1.0.105. Users with automatic updates enabled have likely received the patch, but manual updaters must upgrade to the fixed version to mitigate the risk. No known exploits are currently reported in the wild, but the nature of the vulnerability and its ease of exploitation make it a significant threat if weaponized.

For European organizations, the impact of CVE-2025-58764 can be substantial. Claude Code, as an agentic coding tool, is likely used in software development environments, automation, and possibly in continuous integration/continuous deployment (CI/CD) pipelines. Successful exploitation could allow attackers to execute arbitrary code, leading to unauthorized access, data exfiltration, or disruption of development workflows. This could compromise intellectual property, sensitive customer data, or critical infrastructure codebases. Given the high impact on confidentiality, integrity, and availability, organizations could face operational downtime, reputational damage, and regulatory penalties under GDPR if personal data is exposed. The requirement for user interaction means phishing or social engineering could be vectors for exploitation, increasing the risk in environments where developers or operators interact with untrusted inputs. The absence of known exploits in the wild currently provides a window for proactive mitigation, but the vulnerability's characteristics suggest it could be targeted by sophisticated threat actors aiming to compromise software supply chains or internal development environments.

European organizations should prioritize updating all instances of Claude Code to version 1.0.105 or later immediately, especially those environments where manual updates are performed. Beyond patching, organizations should implement strict input validation and sanitization controls around any user-generated or external content that could be injected into Claude Code context windows. Restricting access to Claude Code environments to trusted users and networks can reduce the risk of untrusted content injection. Additionally, organizations should enhance monitoring and logging around command execution within Claude Code to detect anomalous or unauthorized activities promptly. Employing endpoint detection and response (EDR) solutions that can identify suspicious command execution patterns will aid in early detection. User training to recognize and avoid social engineering attempts that could lead to injection of malicious content is also critical. Finally, integrating Claude Code usage into the organization's broader software supply chain security strategy will help mitigate risks associated with agentic coding tools.