N/A

CVSS Score

Basic Information

CVE ID

CVE-2025-58764

GHSA ID

GHSA-qxfv-fcpc-w36x

EPSS Score

CWE

CWE-94

Published

9/10/2025

Updated

9/10/2025

KEV Status

Technology

JavaScript

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2025-58764

CVE-2025-58764: Claude Code rg vulnerability does not protect against approval prompt bypass

Due to an error in command parsing, it was possible to bypass the Claude Code confirmation prompt to trigger execution of an untrusted command. Reliably exploiting this requires the ability to add untrusted content into a Claude Code context window.

Users on standard Claude Code auto-update will have received this fix automatically. Users performing manual updates are advised to update to the latest version.

Thank you to the NVIDIA AI Red Team for reporting this issue!

(GitHub Advisory)

N/A

CVSS Score

Basic Information

CVE ID

CVE-2025-58764

GHSA ID

GHSA-qxfv-fcpc-w36x

EPSS Score

CWE

CWE-94

Published

9/10/2025

Updated

9/10/2025

KEV Status

Technology

JavaScript

Technical Details

CVSS Vector

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
@anthropic-ai/claude-code	npm	< 1.0.105	1.0.105

Vulnerability Intelligence
Miggo AI

Root Cause Analysis:

In progress

WAF Protection Rules

WAF Rule

*u* to *n *rror in *omm*n* p*rsin*, it w*s possi*l* to *yp*ss t** *l*u** *o** *on*irm*tion prompt to tri***r *x**ution o* *n untrust** *omm*n*. R*li**ly *xploitin* t*is r*quir*s t** **ility to *** untrust** *ont*nt into * *l*u** *o** *ont*xt win*ow.

Reasoning

No *n*lysis *v*il**l*

N/A

Basic Information

Concerned about an active attack path?

CVE-2025-58764: Claude Code rg vulnerability does not protect against approval prompt bypass

N/A

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI