Arbitrary Argument Injection Affecting @anthropic-ai/claude-code package, versions <1.0.93


Severity: high

CVSS assessment by Snyk's Security Team.

  • Snyk ID: SNYK-JS-ANTHROPICAICLAUDECODE-14176027
  • Published: 4 Dec 2025
  • Disclosed: 3 Dec 2025
  • Credit: Ry0taK

Introduced: 3 Dec 2025

CVE-2025-66032
CWE-88

How to fix?

Upgrade @anthropic-ai/claude-code to version 1.0.93 or higher.

Overview

@anthropic-ai/claude-code is a package that lets you use Claude, Anthropic's AI assistant, right from your terminal. Claude can understand your codebase, edit files, run terminal commands, and handle entire workflows for you.

Affected versions of this package are vulnerable to Arbitrary Argument Injection via improper parsing of shell commands. An attacker can bypass the Claude Code read-only validation and execute arbitrary code by injecting specially crafted shell commands that leverage $IFS and short CLI flags.

Note: Reliably exploiting this requires the ability to add untrusted content into a Claude Code context window.
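
The weakness class above (CWE-88) comes down to a validator and the shell disagreeing about where one argument ends and the next begins. The following is an added example of a fail-closed read-only check; it is not Snyk's or Anthropic's code and not the fix shipped in 1.0.93. The policy table, the name `checkReadOnly` and all sample commands are assumptions constructed for illustration.

```javascript
// Added example: fail-closed check for a "read-only" command allowlist.
// The allowlist and every sample command below are constructed for illustration.

// Hypothetical policy: command name -> short flag letters it may receive.
const READ_ONLY = new Map([
  ['ls', new Set('la')],
  ['cat', new Set('n')],
  ['grep', new Set('inr')],
]);

// Anything the shell would expand, substitute, chain or redirect. The check
// refuses these outright instead of trying to predict the shell's result.
const SHELL_ACTIVE = /[$`\\'"|&;<>(){}\[\]*?~!#\n\r]/;

function checkReadOnly(command) {
  if (typeof command !== 'string' || command.trim() === '') {
    return { ok: false, reason: 'empty command' };
  }
  if (SHELL_ACTIVE.test(command)) {
    return { ok: false, reason: 'shell-active character' };
  }
  // With no quoting or expansion left, splitting on blanks matches the shell.
  const [name, ...args] = command.trim().split(/[ \t]+/);
  const flags = READ_ONLY.get(name);
  if (!flags) return { ok: false, reason: `command not allowlisted: ${name}` };

  for (const arg of args) {
    if (!arg.startsWith('-')) continue; // plain operand
    // Long options, "--" and bare "-" are outside this policy: refuse.
    if (arg.startsWith('--') || arg === '-') {
      return { ok: false, reason: `option form not allowlisted: ${arg}` };
    }
    // A bundle such as -la is accepted only if every letter is allowlisted.
    for (const letter of arg.slice(1)) {
      if (!flags.has(letter)) {
        return { ok: false, reason: `flag not allowlisted: -${letter}` };
      }
    }
  }
  return { ok: true, reason: 'allowed' };
}

// Constructed samples: two accepted, two refused.
for (const c of ['ls -la src', 'grep -rn TODO src', 'ls$IFS-la', 'grep -f x src']) {
  console.log(JSON.stringify(c), '->', checkReadOnly(c).reason);
}
```

A check like this is defence in depth for tooling you operate yourself; for this advisory the remediation remains upgrading to 1.0.93 or higher.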
