N/A

CVSS Score

Basic Information

CVE ID

CVE-2025-59041

GHSA ID

GHSA-j4h9-wv2m-wrf7

EPSS Score

CWE

CWE-94

Published

9/10/2025

Updated

9/10/2025

KEV Status

Technology

JavaScript

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2025-59041

CVE-2025-59041: Claude Code vulnerable to arbitrary code execution caused by maliciously configured git email

At startup, Claude Code executed a command templated in with git config user.email. A maliciously configured user email in git could be used to trigger arbitrary code execution before a user accepted the workspace trust dialog.

Users on standard Claude Code auto-update will have received this fix automatically. Users performing manual updates are advised to update to the latest version.

Thank you to the NVIDIA AI Red Team for reporting this issue!

(GitHub Advisory)

N/A

CVSS Score

Basic Information

CVE ID

CVE-2025-59041

GHSA ID

GHSA-j4h9-wv2m-wrf7

EPSS Score

CWE

CWE-94

Published

9/10/2025

Updated

9/10/2025

KEV Status

Technology

JavaScript

Technical Details

CVSS Vector

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
@anthropic-ai/claude-code	npm	< 1.0.105	1.0.105

Vulnerability Intelligence
Miggo AI

Root Cause Analysis:

In progress

WAF Protection Rules

WAF Rule

*t st*rtup, *l*u** *o** *x**ut** * *omm*n* t*mpl*t** in wit* `*it *on*i* us*r.*m*il`. * m*li*iously *on*i*ur** us*r *m*il in *it *oul* ** us** to tri***r *r*itr*ry *o** *x**ution ***or* * us*r ****pt** t** worksp*** trust *i*lo*. Us*rs on st*n**r*

Reasoning

No *n*lysis *v*il**l*

N/A

Basic Information

Concerned about an active attack path?

CVE-2025-59041: Claude Code vulnerable to arbitrary code execution caused by maliciously configured git email

N/A

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI