CVE-2025-59041 is a code injection vulnerability classified under CWE-94 affecting the anthropics Claude Code tool, an agentic coding assistant. The vulnerability stems from the tool executing a command at startup that incorporates the output of `git config user.email` without proper sanitization or validation. If an attacker can control the git user email configuration, they can inject arbitrary code that executes before the user has accepted the workspace trust dialog, bypassing a key security control. This means that simply opening the application with a malicious git configuration can lead to remote code execution (RCE) without requiring authentication or elevated privileges. The vulnerability affects all versions prior to 1.0.105, with a CVSS 4.0 score of 8.7, indicating high severity due to network attack vector, low attack complexity, no privileges required, and no user interaction beyond launching the app. The impact includes full compromise of the affected system's confidentiality, integrity, and availability. Although no public exploits have been reported, the ease of exploitation and the critical nature of the flaw make it a significant threat. The vulnerability was published on September 10, 2025, and users relying on manual updates are urged to upgrade immediately. The flaw highlights the risks of executing unsanitized external inputs in startup scripts, especially in developer tools that integrate with version control systems.

For European organizations, the impact of CVE-2025-59041 is substantial. Organizations using Claude Code in software development, continuous integration, or automation pipelines risk full system compromise if exploited. Attackers could execute arbitrary code, leading to data theft, system manipulation, or deployment of further malware. The vulnerability bypasses workspace trust dialogs, undermining a key security boundary. This could lead to lateral movement within networks, especially in environments with interconnected developer workstations and servers. Confidentiality of proprietary code and intellectual property is at risk, as is the integrity of software builds and deployments. Availability could also be affected if attackers deploy ransomware or disrupt development environments. Given the high adoption of developer tools in European tech hubs, the threat could impact critical infrastructure sectors relying on secure software development practices. The lack of required privileges or complex user interaction increases the likelihood of successful exploitation in diverse environments.

1. Immediately update Claude Code to version 1.0.105 or later to apply the official patch. 2. For environments where immediate updating is not feasible, restrict or sanitize git user email configurations to prevent injection of malicious code. 3. Implement monitoring and alerting for unusual process executions or command invocations during Claude Code startup. 4. Enforce strict workspace trust policies and consider additional manual verification steps before enabling workspace features. 5. Use endpoint detection and response (EDR) tools to detect anomalous behaviors indicative of code injection or RCE. 6. Educate developers and IT staff about the risks of malicious git configurations and the importance of verifying repository metadata. 7. Review and harden startup scripts and environment configurations to minimize reliance on external inputs without validation. 8. Employ network segmentation to limit potential lateral movement from compromised developer machines. 9. Regularly audit software supply chains and development tools for vulnerabilities and timely patching.