N/A

CVSS Score

Basic Information

CVE ID

CVE-2025-59828

GHSA ID

GHSA-2jjv-qf24-vfm4

EPSS Score

0.18461%

CWE

CWE-829

Published

9/24/2025

Updated

9/24/2025

KEV Status

Technology

JavaScript

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2025-59828

CVE-2025-59828: Claude Code Vulnerable to Arbitrary Code Execution via Plugin Autoloading with Specific Yarn Versions

When using Claude Code with Yarn versions 2.0+, Yarn plugins are auto-executed when running yarn --version. This could lead to a bypass of the directory trust dialog in Claude Code, as plugins would be executed prior to the user accepting the risks of working in an untrusted directory. Users running Yarn Classic were unaffected by this issue. Users on standard Claude Code auto-update will have received this fix automatically. Users performing manual updates are advised to update to the latest version.

Thank you to https://hackerone.com/michel_ for reporting this issue!

(GitHub Advisory)

N/A

CVSS Score

Basic Information

CVE ID

CVE-2025-59828

GHSA ID

GHSA-2jjv-qf24-vfm4

EPSS Score

0.18461%

CWE

CWE-829

Published

9/24/2025

Updated

9/24/2025

KEV Status

Technology

JavaScript

Technical Details

CVSS Vector

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
@anthropic-ai/claude-code	npm	< 1.0.39	1.0.39

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

I was unable to find the commit that patches the vulnerability. The advisory does not link to a specific commit, and the tools I have to inspect the repository are not providing the necessary information to pinpoint the exact code changes. Without the patch, I cannot identify the vulnerable functions with high confidence. The get_repo_tags tool failed, which is a critical step in mapping a version to a commit. Also, the publication date of the advisory is in the future, which is unusual and might indicate an issue with the provided data. Given these limitations, I cannot provide a reliable analysis of the vulnerable functions.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W**n usin* *l*u** *o** wit* Y*rn v*rsions *.*+, Y*rn plu*ins *r* *uto-*x**ut** w**n runnin* `y*rn --v*rsion`. T*is *oul* l*** to * *yp*ss o* t** *ir**tory trust *i*lo* in *l*u** *o**, *s plu*ins woul* ** *x**ut** prior to t** us*r ****ptin* t** risks

Reasoning

I w*s un**l* to *in* t** *ommit t**t p*t***s t** vuln*r**ility. T** **visory *o*s not link to * sp**i*i* *ommit, *n* t** tools I **v* to insp**t t** r*pository *r* not provi*in* t** n***ss*ry in*orm*tion to pinpoint t** *x**t *o** ***n**s. Wit*out t*

N/A

Basic Information

Concerned about an active attack path?

CVE-2025-59828: Claude Code Vulnerable to Arbitrary Code Execution via Plugin Autoloading with Specific Yarn Versions

N/A

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI