CVE-2025-64755: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in anthropics claude-code
Claude Code is an agentic coding tool. Prior to version 2.0.31, due to an error in sed command parsing, it was possible to bypass the Claude Code read-only validation and write to arbitrary files on the host system. This issue has been patched in version 2.0.31.
AI Analysis
Technical Summary
CVE-2025-64755 is an OS command injection vulnerability classified under CWE-78 affecting anthropics' Claude Code, an agentic coding tool used to automate coding tasks. The vulnerability exists in versions prior to 2.0.31 due to an error in how sed commands are parsed within the application. Specifically, the flawed parsing allows attackers to bypass the tool's read-only validation mechanism, enabling them to write to arbitrary files on the host system. This can lead to unauthorized modification of critical files, potentially resulting in privilege escalation, data corruption, or persistent backdoors. The vulnerability is remotely exploitable without requiring authentication or privileges but does require user interaction, such as triggering the vulnerable functionality within Claude Code. The CVSS v4.0 score of 8.7 reflects the high impact on confidentiality, integrity, and availability, given the ability to alter system files arbitrarily. Although no known exploits have been reported in the wild, the vulnerability's nature and severity necessitate prompt remediation. The patch released in version 2.0.31 corrects the sed command parsing logic, restoring proper validation and preventing arbitrary file writes. Organizations using Claude Code should prioritize upgrading to this version to mitigate risk.
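A read-only check that can be bypassed through command parsing is usually safer as a fail-closed allowlist than as a scan for dangerous-looking input. The sketch below is an added example, not Claude Code's validator and not the 2.0.31 patch; the function name `is_read_only_sed`, the accepted grammar and the sample commands are assumptions constructed for illustration.

```python
import re
import shlex

# Characters that let the shell redirect, chain, expand or glob. Rejected even
# inside quotes: the check fails closed instead of modelling shell quoting.
SHELL_META = set(";|&<>()$`\\\n{}*?[]~!#")
# Options that neither write files nor load a script from somewhere else.
SAFE_FLAGS = {"-n", "-E", "-r", "-s", "--quiet", "--silent"}
# Accepted script grammar: optional address or address range, then one 'p'.
# sed scripts can themselves write files or run programs, so the script body
# is matched against this grammar rather than searched for known-bad commands.
ADDR = r"(?:\d+|/[\w .-]+/)"
PRINT_ONLY = re.compile(rf"(?:{ADDR}(?:,{ADDR})?)?p")
# File operands: plain paths that cannot be mistaken for an option.
SAFE_PATH = re.compile(r"[\w./][\w./-]*")


def is_read_only_sed(command: str) -> bool:
    """Return True only when `command` fits the print-only grammar above."""
    if SHELL_META & set(command):
        return False
    try:
        argv = shlex.split(command)
    except ValueError:  # unbalanced quotes
        return False
    if len(argv) < 2 or argv[0] != "sed":
        return False
    rest = argv[1:]
    while rest and rest[0] in SAFE_FLAGS:
        rest.pop(0)
    if not rest or not PRINT_ONLY.fullmatch(rest[0]):
        return False
    # Everything after the script must be a file operand, never another option.
    return all(SAFE_PATH.fullmatch(arg) is not None for arg in rest[1:])


# Constructed sample commands, not taken from the advisory.
SAMPLES = [
    "sed -n 5p notes.txt",
    "sed -n '10,20p' src/main.py",
    "sed -n '/TODO/p' README.md",
    "sed -i s/a/b/ notes.txt",
    "sed -n 5p notes.txt > out.txt",
    "sed -n 5p -i notes.txt",
    "sed -n 's/a/b/' notes.txt",
]

if __name__ == "__main__":
    for cmd in SAMPLES:
        print(f"{'allow' if is_read_only_sed(cmd) else 'deny ':5}  {cmd}")
```

Anything the grammar does not recognise is denied, so a legitimate but unusual read-only command falls back to an explicit approval step instead of being guessed at.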
Potential Impact
For European organizations, this vulnerability poses a significant risk to software development environments and any systems where Claude Code is deployed. The ability to write arbitrary files can lead to unauthorized code execution, data tampering, or disruption of development workflows. This can compromise intellectual property, introduce malware, or cause operational outages. Given the agentic nature of Claude Code, which automates coding tasks, exploitation could propagate malicious changes quickly across codebases or build systems. The lack of required privileges for exploitation increases the attack surface, especially in environments where multiple users have access to the tool. Confidentiality is at risk due to potential exposure or alteration of sensitive code or configuration files. Integrity is compromised by unauthorized file modifications, and availability may be affected if critical files are corrupted or overwritten. European organizations with stringent data protection regulations (e.g., GDPR) may face compliance issues if breaches occur due to this vulnerability.
Mitigation Recommendations
1. Immediately upgrade all instances of Claude Code to version 2.0.31 or later, where the vulnerability is patched.
2. Restrict access to Claude Code to trusted users only, minimizing the risk of exploitation via social engineering or accidental triggering.
3. Implement strict file system permissions to limit the ability of the Claude Code process to write outside designated directories, reducing the impact of potential exploitation.
4. Monitor file integrity on systems running Claude Code using tools like tripwire or OS-integrated file integrity monitoring to detect unauthorized changes promptly.
5. Educate developers and users about the risks of interacting with untrusted inputs or commands within the tool to reduce inadvertent exploitation.
6. Review and harden the CI/CD pipelines and build environments that integrate Claude Code to prevent propagation of malicious changes.
7. Employ application whitelisting and endpoint detection and response (EDR) solutions to detect anomalous behaviors related to file writes or command executions initiated by Claude Code.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-11-10T22:29:34.874Z
- Cvss Version: 4.0
- State: PUBLISHED
Threat ID: 691fc3ff70da09562fa7fca3
Added to database: 11/21/2025, 1:44:31 AM
Last enriched: 11/28/2025, 4:42:02 AM
Last updated: 1/8/2026, 10:28:04 AM