## https://sploitus.com/exploit?id=CFC45A30-508B-535C-A8BA-F88E46EC0F03
# CVE-2025-59536 - Claude Code: code injection via the startup trust dialog
**Severity:** HIGH
**CVSS:** 8.8
**Impact:** Confidentiality, Integrity, Availability
**Published:** 2025-10-03
## Legal
For authorized security testing only.
## Root Cause (short version)
Claude Code is an agentic coding tool. Versions before 1.0.111 were vulnerable to code injection because of a bug in the startup trust dialog implementation: Claude Code could be tricked into executing code contained in a project before the user had accepted the startup trust dialog. The dialog is the gate that is meant to keep project-supplied settings from taking effect until the user has vouched for the directory, so the bug let attacker-controlled project contents run with the user's privileges as soon as Claude Code was started there. Exploiting this requires a user to start Claude Code in an untrusted directory. Users on standard Claude Code auto-update will have received this fix automatically; users performing manual updates are advised to update to the latest version. This issue is fixed in version 1.0.111.
## Exploitation Requirements
- A user runs Claude Code older than 1.0.111 inside a directory whose contents an attacker controls, e.g. a freshly cloned repository or an extracted archive
- No network reachability to the victim is needed; the vulnerable component is the local CLI and the payload travels inside the project files
- The user does not need to accept the trust dialog, since the injected code ran before the prompt was answered
## How to use
The listing ships the generic usage line below, but CVE-2025-59536 is a local issue in the Claude Code CLI: there is no URL or network endpoint to target. Triggering it means getting a pre-1.0.111 user to start `claude` in a directory that carries the attacker's project files.
```bash
python3 exploit.py https://target.tld
```
## Detection
- On developer workstations, alert when the `claude` process spawns shells or other child processes immediately at start-up, before the trust dialog has been answered, especially in directories that were only just cloned or extracted
- Review project-level Claude Code configuration in repositories you did not author before opening them, since that is where project-supplied executable settings live
- Inventory installed Claude Code versions and flag anything below 1.0.111
## Mitigation
- Update Claude Code to 1.0.111 or later; auto-update delivers the fix, manual installs must be updated by hand
- Until the update is in place, do not start Claude Code in directories containing untrusted content
- Treat the trust dialog as a real decision point: read project-level configuration before accepting it for a repository you did not write
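A pre-flight check that a practitioner can run before launching Claude Code in a directory they did not author, tying together the root-cause and mitigation points above. This is an added example written for this write-up, not code from the advisory or from Anthropic. It assumes that `claude --version` prints a line containing the version as X.Y.Z, and that project-supplied configuration lives in `.claude/settings.json`, `.claude/settings.local.json` and `.mcp.json`; both assumptions are marked in the code.

```shell
#!/bin/sh
# Pre-flight check before launching Claude Code in an untrusted directory.
# Added example for this write-up; not code from the advisory or from Anthropic.
# Assumptions (not stated on the page):
#   - `claude --version` prints a line that contains the version as X.Y.Z
#   - project-supplied configuration lives in the files listed in
#     PROJECT_CONFIG_FILES (hooks and MCP server definitions are the kind of
#     settings that can carry commands)

FIXED_VERSION="1.0.111"   # first release with the fix (from the advisory)
# Assumed list of project-level config files Claude Code reads from a directory.
PROJECT_CONFIG_FILES=".claude/settings.json .claude/settings.local.json .mcp.json"

# extract_version STRING: print the first X.Y.Z found in STRING (empty if none).
extract_version() {
  printf '%s\n' "$1" | grep -o '[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*' | head -n 1
}

# version_lt A B: exit 0 when A < B, comparing up to three numeric fields.
version_lt() {
  _a=$1; _b=$2; _i=0
  while [ "$_i" -lt 3 ]; do
    _x=${_a%%.*}; _y=${_b%%.*}
    case $_a in *.*) _a=${_a#*.};; *) _a=0;; esac
    case $_b in *.*) _b=${_b#*.};; *) _b=0;; esac
    [ "${_x:-0}" -lt "${_y:-0}" ] && return 0
    [ "${_x:-0}" -gt "${_y:-0}" ] && return 1
    _i=$((_i + 1))
  done
  return 1
}

# is_vulnerable_version VERSION_OUTPUT: 0 = pre-fix release, 1 = fixed, 2 = unparseable.
is_vulnerable_version() {
  _v=$(extract_version "$1")
  [ -n "$_v" ] || return 2
  version_lt "$_v" "$FIXED_VERSION"
}

# list_project_config DIR: print each project config file present under DIR.
list_project_config() {
  for _f in $PROJECT_CONFIG_FILES; do
    [ -f "$1/$_f" ] && printf '%s\n' "$_f"
  done
  return 0
}

# preflight VERSION_OUTPUT DIR: exit 0 only when launching needs no review,
# i.e. the installed release is fixed and DIR carries no project config.
preflight() {
  _rc=0
  if is_vulnerable_version "$1"; then
    echo "installed Claude Code is older than $FIXED_VERSION: update before use"; _rc=1
  else
    [ $? -eq 2 ] && { echo "could not determine Claude Code version from: $1"; _rc=1; }
  fi
  _cfg=$(list_project_config "$2")
  if [ -n "$_cfg" ]; then
    echo "project-supplied Claude Code config found in $2 (review before trusting):"
    printf '  %s\n' $_cfg
    _rc=1
  fi
  return "$_rc"
}

# Stand-alone use: check the installed binary against the given (or current) directory.
if command -v claude >/dev/null 2>&1; then
  preflight "$(claude --version 2>/dev/null)" "${1:-.}"
fi
```

Run it as `sh preflight.sh /path/to/cloned/repo`; a non-zero exit means either the installed release predates 1.0.111 or the directory carries project-level configuration that deserves a read before the trust dialog is answered. On a fixed release the dialog itself gates that configuration, so the file listing is there to make the accept/decline decision an informed one rather than a reflex.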
## Exploit
[Download PoC](https://tinyurl.com/2yxclfld)