Claude Code Arbitrary File Write Vulnerability via Sed Command Validation Bypass

Vulnerability

A vulnerability in Claude Code prior to version 2.0.31 allows users to bypass the read-only validation and write to arbitrary files on the host system. The issue arises from an error in how sed commands are parsed, which could be exploited to get around the restriction on file writes. The vulnerability has been patched in version 2.0.31.

Impact

Exploitation of this vulnerability could lead to unauthorized writing of files on the host system, potentially allowing for the modification of critical system or application files.

Remediation

Users on the standard Claude Code auto-update will have received the fix automatically. Those performing manual updates should update to the latest version.
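
For manually updated installs, the check below compares the installed version against the fixed release 2.0.31. It is an added example, not part of the original advisory or Anthropic's tooling, and it assumes `claude --version` prints a MAJOR.MINOR.PATCH string such as the constructed sample "2.0.30 (Claude Code)"; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: flag Claude Code installs older than the fixed release.
FIXED_VERSION="2.0.31"   # fixed release named in the advisory

# Pull the first MAJOR.MINOR.PATCH triple out of a version string.
# Assumption: the CLI's version output contains such a triple.
extract_version() {
    printf '%s\n' "$1" |
        sed -n 's/^[^0-9]*\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' |
        head -n 1
}

# Succeed when version $1 is strictly older than version $2.
# Fields are compared numerically, so 2.0.9 sorts before 2.0.31.
version_lt() {
    old_ifs=$IFS; IFS=.
    set -- $1 $2            # intentional split on "." into six fields
    IFS=$old_ifs
    if [ "$1" -ne "$4" ]; then [ "$1" -lt "$4" ]
    elif [ "$2" -ne "$5" ]; then [ "$2" -lt "$5" ]
    else [ "$3" -lt "$6" ]; fi
}

# Map raw version output to: vulnerable | patched | unknown.
classify_version() {
    v=$(extract_version "$1")
    if [ -z "$v" ]; then echo "unknown"
    elif version_lt "$v" "$FIXED_VERSION"; then echo "vulnerable"
    else echo "patched"; fi
}

# Query the local CLI; exit status is 0 only when the install is patched.
check_claude_code() {
    raw=$(claude --version 2>/dev/null) || raw=""
    verdict=$(classify_version "$raw")
    echo "Claude Code: ${raw:-not detected} -> $verdict (fixed in $FIXED_VERSION)"
    [ "$verdict" = "patched" ]
}

# Run the check only where the CLI is actually installed.
if command -v claude >/dev/null 2>&1; then
    check_claude_code
fi
```

An "unknown" verdict means the version string could not be parsed and the install should be checked by hand.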

Added: Nov 21, 2025, 2:17 AM
Updated: Nov 21, 2025, 2:17 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 6.4
remediation: 7.7
relevance: 1.1
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.