Vulnerability in Anthropics Claude-code
CVE-2026-25725
Claude Code is an agentic coding tool. Prior to version 2.1.2, Claude Code's bubblewrap sandboxing mechanism failed to properly protect the .claude/settings.json configuration file when it did not exist at startup. While the parent directo…
EPSS: 0.000 (6.6th percentile)
Affected products
- Anthropics Claude-code — versions < 2.1.2
Weakness classification (CWE)
References
- https://github.com/anthropics/claude-code/security/advisories/GHSA-ff64-7w26-62rf (x_refsource_CONFIRM)