Vulnerability in Anthropics Claude-code

CVE-2025-59829

Claude Code is an agentic coding tool. Versions below 1.0.120 failed to account for symlinks when checking permission deny rules. If a user explicitly denied Claude Code access to a file and Claude Code had access to a symlink pointing to…

EPSS: 0.001 (18.5th percentile) — read the EPSS interpretation.

Affected products

Anthropics Claude-code — versions < 1.0.120

Weakness classification (CWE)

CWE-61 — UNIX Symbolic Link (Symlink) Following

References

https://github.com/anthropics/claude-code/security/advisories/GHSA-66m2-gx93-v996 (x_refsource_CONFIRM)