Check Point Research revealed critical RCE and API token theft in Anthropic’s Claude Code via project-level configs and executable hooks in .claude/settings.json and .mcp.json. Issues have been patched. #RemoteCode #APIExfiltration #USA
ift.tt/G5O6KA7
Caught in the Hook: RCE and API Token Exfiltration Through Claude Code Project Files | CVE-2025-5...
Check Point Research discovered critical vulnerabilities in Anthropic’s Claude Code that allowed remote code execution and API key exfiltration via repository-controlled configurations. The issues —...
From hendryadrian.com