Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2025-65099
CVE-2025-65099:
JavaScript vulnerability analysis and mitigation
Overview
Claude Code, an agentic coding tool, has been identified with a high-severity vulnerability tracked as CVE-2025-65099. The vulnerability was discovered and disclosed in November 2025, affecting the npm package @anthropic-ai/claude-code (GitHub Advisory).
Technical details
The vulnerability involves command execution capabilities that can be triggered prior to the Claude Code startup trust dialog. This represents a significant security concern that has been marked for NVD enrichment efforts (NVD).
Impact
The vulnerability allows unauthorized command execution before the trust dialog appears, potentially enabling malicious actors to execute arbitrary commands without proper user authorization or validation.
Additional resources
Source: This report was generated using AI
Related JavaScript vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management