CVE-2025-59828 | anthropics claude-code up to 1.0.38 Yarn inclusion of functionality from untrusted control sphere (GHSA-2jjv-qf24-vfm4)

A vulnerability, which was classified as critical, was found in anthropics claude-code up to 1.0.38. This impacts an unknown function of the component Yarn. Such manipulation leads to inclusion of functionality from untrusted control sphere.

This vulnerability is documented as CVE-2025-59828. The attack can be executed remotely. There is not any exploit available.

You should upgrade the affected component.VulDB Recent EntriesRead More