UNIX Symbolic Link (Symlink) Following

CVE-2025-59829

Severity Low
Score 2.3/10

Summary

Claude Code is an agentic coding tool. In the affected versions, Claude Code failed to account for symlinks when checking permission deny rules. If a user explicitly denied Claude Code access to a file and Claude Code had access to a symlink pointing to that file, it was possible for Claude Code to access the file. This issue affects @anthropic-ai/claude-code package versions prior to 1.0.120. Users on the standard Claude Code auto-update will receive this fix automatically. Users performing manual updates are advised to update to the latest version.

  • LOW
  • NETWORK
  • NONE
  • UNCHANGED
  • REQUIRED
  • NONE
  • HIGH
  • NONE

CWE-61 - UNIX Symbolic Link (Symlink) Following

The software, when opening a file or directory, does not sufficiently account for when the file is a symbolic link that resolves to a target outside of the intended control sphere. This could allow an attacker to cause the software to operate on unauthorized files.
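The difference between a deny check that compares path strings and one that resolves symlinks first can be shown in a few lines of Node.js. This is an added example, not Claude Code's implementation; the function names, file names and deny-list shape are hypothetical, and the fixture is constructed in a temporary directory.

```javascript
// Added example, not Claude Code's code; all names and paths are hypothetical.
const fs = require('node:fs');
const os = require('node:os');
const path = require('node:path');
// True when `target` is `root` itself or a path beneath it.
function isInside(root, target) {
  const rel = path.relative(root, target);
  return rel === '' || (rel !== '..' && !rel.startsWith('..' + path.sep) && !path.isAbsolute(rel));
}
// Weak pattern: compares only the path string the caller supplied.
function isDeniedLexical(requested, denyList) {
  const abs = path.resolve(requested);
  return denyList.some((rule) => isInside(path.resolve(rule), abs));
}

// Hardened pattern: also compares the symlink-resolved target with each rule.
function isDeniedResolved(requested, denyList) {
  if (isDeniedLexical(requested, denyList)) return true;
  let real;
  try {
    real = fs.realpathSync(requested);
  } catch {
    return true; // fail closed: dangling link or unresolvable path
  }
  return denyList.some((rule) => {
    let realRule = path.resolve(rule);
    try { realRule = fs.realpathSync(rule); } catch { /* rule target absent */ }
    return isInside(realRule, real);
  });
}

// Builds a constructed fixture in a temp directory and evaluates both checks.
function demo() {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'deny-demo-'));
  const secret = path.join(dir, 'secret.env'); // file the user denied
  const link = path.join(dir, 'notes.txt');    // symlink pointing at it
  const other = path.join(dir, 'readme.md');   // unrelated file
  fs.writeFileSync(secret, 'TOKEN=constructed-sample\n');
  fs.writeFileSync(other, 'hello\n');
  fs.symlinkSync(secret, link);
  const deny = [secret];
  const out = {
    lexicalOnLink: isDeniedLexical(link, deny),     // false: rule bypassed
    resolvedOnLink: isDeniedResolved(link, deny),   // true: rule enforced
    resolvedOnOther: isDeniedResolved(other, deny), // false: no over-blocking
  };
  fs.rmSync(dir, { recursive: true, force: true });
  return out;
}
```

Resolving before comparing still leaves a window between the check and the later open, so a robust implementation opens the file and validates the path of the handle it actually obtained.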

Advisory Timeline

  • Published