Headline
GHSA-5hhx-v7f6-x7gv: Claude Code vulnerable to command execution prior to startup trust dialog
When running on a machine with Yarn 3.0 or above, Claude Code could have been tricked to execute code contained in a project via yarn plugins before the user accepted the startup trust dialog. Exploiting this would have required a user to start Claude Code in an untrusted directory and to be using Yarn 3.0 or above.
Users on standard Claude Code auto-update will have received this fix automatically. Users performing manual updates are advised to update to the latest version.
Thank you to Benjamin Faller, Redguard AG and Michael Hess for reporting this issue!
- GitHub Advisory Database
- GitHub Reviewed
- CVE-2025-65099
Claude Code vulnerable to command execution prior to startup trust dialog
High severity GitHub Reviewed Published Nov 19, 2025 in anthropics/claude-code • Updated Nov 19, 2025
Package
npm @anthropic-ai/claude-code (npm)
Affected versions
< 1.0.39
When running on a machine with Yarn 3.0 or above, Claude Code could have been tricked to execute code contained in a project via yarn plugins before the user accepted the startup trust dialog. Exploiting this would have required a user to start Claude Code in an untrusted directory and to be using Yarn 3.0 or above.
Users on standard Claude Code auto-update will have received this fix automatically. Users performing manual updates are advised to update to the latest version.
Thank you to Benjamin Faller, Redguard AG and Michael Hess for reporting this issue!
References
- GHSA-5hhx-v7f6-x7gv
- https://nvd.nist.gov/vuln/detail/CVE-2025-65099
Published to the GitHub Advisory Database
Nov 19, 2025
Last updated
Nov 19, 2025