453 matches found
Anthropic Disrupts AI-Powered Cyberattacks Automating Theft and Extortion Across Critical Sectors
Anthropic on Wednesday revealed that it disrupted a sophisticated operation that weaponized its artificial intelligence AI-powered chatbot Claude to conduct large-scale theft and extortion of personal data in July 2025. "The actor targeted at least 17 distinct organizations, including in...
CVE-2025-57755
claude-code-router is a powerful tool to route Claude Code requests to different models and customize any request. Due to improper Cross-Origin Resource Sharing CORS configuration, there is a risk that user API Keys or equivalent credentials may be exposed to untrusted domains. Attackers could...
CVE-2025-57755
claude-code-router is a powerful tool to route Claude Code requests to different models and customize any request. Due to improper Cross-Origin Resource Sharing CORS configuration, there is a risk that user API Keys or equivalent credentials may be exposed to untrusted domains. Attackers could...
CVE-2025-57755 claude-code-router CORS. misconfiguration
claude-code-router is a powerful tool to route Claude Code requests to different models and customize any request. Due to improper Cross-Origin Resource Sharing CORS configuration, there is a risk that user API Keys or equivalent credentials may be exposed to untrusted domains. Attackers could...
CVE-2025-57755
CVE-2025-57755 concerns claude-code-router, where improper CORS configuration risks exposing user API keys or credentials to untrusted domains. The vulnerability affects the router’s cross-origin handling and could enable credential leakage, credential abuse, quota exhaustion, or access to sensit...
CVE-2025-57755 claude-code-router CORS. misconfiguration
claude-code-router is a powerful tool to route Claude Code requests to different models and customize any request. Due to improper Cross-Origin Resource Sharing CORS configuration, there is a risk that user API Keys or equivalent credentials may be exposed to untrusted domains. Attackers could...
CVE-2025-57755 claude-code-router CORS. misconfiguration
claude-code-router is a powerful tool to route Claude Code requests to different models and customize any request. Due to improper Cross-Origin Resource Sharing CORS configuration, there is a risk that user API Keys or equivalent credentials may be exposed to untrusted domains. Attackers could...
@cloudbase/cli (>=2.8.19 <=2.11.7) potentially affected by CVE-2025-57755 via @musistudio/claude-code-router (=1.0.36)
@musistudio/claude-code-router NPM version =1.0.36 is affected by a known vulnerability. The following packages have a transitive dependency on @musistudio/claude-code-router and may be impacted: - @cloudbase/cli =2.8.19, =2.11.7 Source cves: CVE-2025-57755 Source advisory:...
Command Injection
@anthropic-ai/claude-code is vulnerable to Command Injection. The vulnerability is due to the confirmation prompt being bypassed, allowing execution of untrusted commands if malicious content is injected into the context window...
Path Traversal
@anthropic-ai/claude-code is vulnerable to Path Traversal. The vulnerability is due to using prefix matching instead of canonical path comparison, which allows bypassing directory restrictions and accessing files outside the CWD if a directory with the same prefix exists and untrusted content is...
Claude Code Router 安全漏洞
Claude Code Router is an enhancement to the flexibility and customizability of Claude Code by musi individual developers. A security vulnerability exists in Claude Code Router versions prior to 1.0.34, which stems from a misconfiguration of cross-resource sharing that could lead to credential...
PT-2025-34244 · Anthropic · Claude-Code-Router
Name of the Vulnerable Software and Affected Versions: claude-code-router versions prior to 1.0.34 Description: claude-code-router is susceptible to a Cross-Origin Resource Sharing CORS misconfiguration. This allows potential exposure of user API Keys or equivalent credentials to unauthorized...
1shot (>=0.0.3 <=0.0.9), @4xian/ccapi (=1.0.6) +208 more potentially affected by CVE-2025-55284 via @anthropic-ai/claude-code (>=1.0.108 <=1.0.24)
@anthropic-ai/claude-code NPM version =1.0.108, =0.0.3, =0.1.18, =1.0.0, =0.4.0, =0.2.3, =0.0.1, =0.6.0-rc34, =1.0.0, =1.3.2-canary.5af7e49 - @chittycorp/chittychat =3.0.0 and more Source cves: CVE-2025-55284 Source advisory: SNYK:JS-ANTHROPICAICLAUDECODE-12028699...
GHSA-X5GV-JW7F-J6XJ Claude Code's Permissive Default Allowlist Enables Unauthorized File Read and Network Exfiltration in Claude Code
Due to an overly broad allowlist of safe commands, it was possible to bypass the Claude Code confirmation prompts to read a file and then send file contents over the network without user confirmation. Reliably exploiting this requires the ability to add untrusted content into a Claude Code contex...
1shot (>=0.0.3 <=0.0.9), @4via6/relay (>=1.0.0 <=1.1.3) +220 more potentially affected by CVE-2025-55284 via @anthropic-ai/claude-code (>=0.2.126 <=1.0.24)
@anthropic-ai/claude-code NPM version =0.2.126, =0.0.3, =1.0.0, =0.1.18, =1.0.0, =0.4.0, =0.2.3, =0.0.1, =0.0.1, =0.0.55, =0.0.69 - @brandongtr/rule-agent-cli =1.0.1-beta.0 and more Source cves: CVE-2025-55284 Source advisory: OSV:GHSA-X5GV-JW7F-J6XJ...
Claude Code's Permissive Default Allowlist Enables Unauthorized File Read and Network Exfiltration in Claude Code
Due to an overly broad allowlist of safe commands, it was possible to bypass the Claude Code confirmation prompts to read a file and then send file contents over the network without user confirmation. Reliably exploiting this requires the ability to add untrusted content into a Claude Code contex...
CVE-2025-55284
Claude Code is an agentic coding tool. Prior to version 1.0.4, it's possible to bypass the Claude Code confirmation prompts to read a file and then send file contents over the network without user confirmation due to an overly broad allowlist of safe commands. Reliably exploiting this requires th...
CVE-2025-55284
Claude Code is an agentic coding tool. Prior to version 1.0.4, it's possible to bypass the Claude Code confirmation prompts to read a file and then send file contents over the network without user confirmation due to an overly broad allowlist of safe commands. Reliably exploiting this requires th...
CVE-2025-55284 Claude Code's Permissive Default Allowlist Enables Unauthorized File Read and Network Exfiltration in Claude Code
Claude Code is an agentic coding tool. Prior to version 1.0.4, it's possible to bypass the Claude Code confirmation prompts to read a file and then send file contents over the network without user confirmation due to an overly broad allowlist of safe commands. Reliably exploiting this requires th...
CVE-2025-55284 Claude Code's Permissive Default Allowlist Enables Unauthorized File Read and Network Exfiltration in Claude Code
Claude Code is an agentic coding tool. Prior to version 1.0.4, it's possible to bypass the Claude Code confirmation prompts to read a file and then send file contents over the network without user confirmation due to an overly broad allowlist of safe commands. Reliably exploiting this requires th...