Claude Code high-risk vulnerability exploited by hackers, turning crypto users into attack targets

Anthropic’s Claude Code has been found to contain a serious privilege escalation and command execution vulnerability that allows attackers to execute arbitrary commands without user authorization. Even more concerning, this vulnerability has already been exploited by hackers to attack crypto users. According to the latest news, security researcher 23pds from the SlowMist team reposted a report by researcher Adam Chester; the vulnerability ID is CVE-2025-64755, and a related PoC has been made public.

Core Threat of the Vulnerability

What is this vulnerability

This vulnerability in Claude Code allows attackers to achieve privilege escalation and command execution, crucially without obtaining any authorization from the user. This means that even if you haven’t clicked any suspicious links or entered any commands, hackers could exploit this vulnerability through carefully crafted methods to operate on your system.

Why is this more dangerous for crypto users

According to relevant information, Claude Code is widely used among crypto developers and traders. From social media discussions, many people use Claude Code to write arbitrage programs, trading bots, and other code involving fund operations. Once hackers gain command execution privileges through this vulnerability, they may:

  • Steal wallet private keys or seed phrases
  • Modify running trading code
  • Intercept API keys and exchange credentials
  • Install malicious programs for persistent monitoring

Bad Precedents from Past Vulnerabilities

According to the latest news, this vulnerability is similar to a previous one disclosed in the Cursor tool. Notably, this similar Cursor vulnerability has remained unpatched. This indicates that:

  • Similar vulnerabilities may exist in multiple AI coding tools
  • The patching cycle could be longer than expected
  • Users cannot rely on quick responses from tool providers

Active Attacks Have Already Begun

23pds explicitly states that phishing hackers have exploited this vulnerability to attack crypto users. This is not just a theoretical risk but an ongoing reality. Attackers may:

  • Send phishing emails pretending to be official Claude Code support or technical staff
  • Share fake tutorials or code snippets on social media
  • Use seemingly normal code fragments that actually contain malicious payloads

What You Should Do Now

  • If you use Claude Code to handle code involving funds (trading bots, wallet management, etc.), it is recommended to stop using it temporarily until Anthropic confirms a fix
  • Check your Claude Code usage history for any suspicious command execution records
  • If you have entered sensitive information like private keys or API keys in Claude Code, rotate those credentials immediately
  • Follow Anthropic’s official security announcements to stay updated on the vulnerability fix progress
  • For code already generated, carefully review it locally before deploying in production environments

Summary

This vulnerability in Claude Code exposes a security shortcoming of AI coding tools. For crypto users, the threat is particularly severe because the code directly relates to fund security. The key now is to stay vigilant while waiting for Anthropic’s official fix. The long-unpatched Cursor vulnerability serves as a reminder that users cannot fully rely on tool providers; their own security awareness and operational standards are equally important. It is recommended to maintain higher scrutiny of Claude Code-generated code involving fund operations until the vulnerability is fully patched.
