Headline
GHSA-j4h9-wv2m-wrf7: Claude Code vulnerable to arbitrary code execution caused by maliciously configured git email
At startup, Claude Code executed a command templated in with git config user.email. A maliciously configured user email in git could be used to trigger arbitrary code execution before a user accepted the workspace trust dialog.
Users on standard Claude Code auto-update will have received this fix automatically. Users performing manual updates are advised to update to the latest version.
Thank you to the NVIDIA AI Red Team for reporting this issue!
- GitHub Advisory Database
- GitHub Reviewed
- CVE-2025-59041
Claude Code vulnerable to arbitrary code execution caused by maliciously configured git email
High severity GitHub Reviewed Published Sep 9, 2025 in anthropics/claude-code • Updated Sep 10, 2025
Package
npm @anthropic-ai/claude-code (npm)
Affected versions
< 1.0.105
At startup, Claude Code executed a command templated in with git config user.email. A maliciously configured user email in git could be used to trigger arbitrary code execution before a user accepted the workspace trust dialog.
Users on standard Claude Code auto-update will have received this fix automatically. Users performing manual updates are advised to update to the latest version.
Thank you to the NVIDIA AI Red Team for reporting this issue!
References
- GHSA-j4h9-wv2m-wrf7
- https://nvd.nist.gov/vuln/detail/CVE-2025-59041
Published to the GitHub Advisory Database
Sep 10, 2025
Last updated
Sep 10, 2025