CVE-2025-59829

| EUVD-2025-32506 MEDIUM
2025-10-03 [email protected] GHSA-66m2-gx93-v996
6.5
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

4
Patch Released
Mar 31, 2026 - 21:13 nvd
Patch available
EUVD ID Assigned
Mar 13, 2026 - 19:29 euvd
EUVD-2025-32506
Analysis Generated
Mar 13, 2026 - 19:29 vuln.today
CVE Published
Oct 03, 2025 - 20:15 nvd
MEDIUM 6.5

Tags

Information Disclosure Claude Code

Description

Claude Code is an agentic coding tool. Versions below 1.0.120 failed to account for symlinks when checking permission deny rules. If a user explicitly denied Claude Code access to a file and Claude Code had access to a symlink pointing to that file, it was possible for Claude Code to access the file. Users on standard Claude Code auto-update will have received this fix automatically. Users performing manual updates are advised to update to the latest version. This issue is fixed in version 1.0.120.

Analysis

A security vulnerability in Claude Code (CVSS 6.5). Remediation should follow standard vulnerability management procedures.

Technical Context

Vulnerability type not specified by vendor. Affects Claude Code.

Affected Products

['Claude Code']

Remediation

Monitor vendor channels for patch availability.

Priority Score

33
Low Medium High Critical
KEV: 0
EPSS: +0.1
CVSS: +32
POC: 0

Share

CVE-2025-59829 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy