GHSA-pmw4-pwvc-3hx2 · Severity: high · Ecosystem: npm — Claude Code Research Preview has a Path Restriction Bypass which could allow unauthorized file access
Claude Code is an agentic coding tool. In versions below 0.2.111, a path validation flaw using prefix matching instead of canonical path comparison, makes it possible to bypass directory restrictions and access files outside the CWD. Successful exploitation depends on the presence of (or ability to create) a directory with the same prefix as the CWD and the ability to add untrusted content into a Claude Code context window. This is fixed in version 0.2.111.
Conclusion & alert: CVE-2025-54794 is rated Moderate Risk (49.9/100): CVSS High severity, with medium exploitation likelihood (EPSS 0.85%). Mandatory action: Review affected assets and schedule remediation.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).
| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|---|---|---|---|
| 1 | 2026-06-15 | 0.38% | 0.85% | +0.47% |
| 2 | 2026-06-01 | 0.05% | 0.38% | +0.33% |
| 3 | 2026-04-10 | — | 0.05% | — |
Full EPSS history (7 records total)
CVSS metrics for this CVE.
| Base score | Version | Severity | Vector | Exploitability | Impact | Score source |
|---|---|---|---|---|---|---|
| 7.7 | 4.0 | HIGH |
|
— | — | [email protected] |
| 9.1 | 3.1 | CRITICAL |
|
3.9 | 5.2 | [email protected] |
GHSA-pmw4-pwvc-3hx2 · Severity: high · Ecosystem: npm — Claude Code Research Preview has a Path Restriction Bypass which could allow unauthorized file access
| Vendor | Product | Version | Raw CPE |
|---|---|---|---|
| anthropic | claude_code | < 0.2.111 | cpe:2.3:a:anthropic:claude_code:*:*:*:*:*:node.js:*:* |
| URL | Tags |
|---|---|
| https://github.com/anthropics/claude-code/security/advisories/GHSA-pmw4-pwvc-3hx2 | Vendor Advisory |