漏洞关键信息 漏洞名称: Sed Command Validation Bypass Allows Arbitrary File Writes 严重性: High CVSS 4.0 Base Score: 8.7 / 10 影响的版本: <v2.0.31 修复的版本: v2.0.31 CVE ID: CVE-2025-64755 CVSS v4.0 Attack Vector: Network CVSS v4.0 Attack Complexity: Low CVSS v4.0 Attack Requirements: None CVSS v4.0 Privileges Required: None CVSS v4.0 User Interaction: Passive CVSS v4.0 Vulnerable System Impact Metrics: - Confidentiality: High - Integrity: High - Availability: High CVSS v4.0 Subsequent System Impact Metrics: - Confidentiality: None - Integrity: None - Availability: None CVSS v4.0 Vector String: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Weaknesses: CWE-78 描述 由于sed命令解析中的错误,绕过了Claude Code的只读验证,导致可以写入主机系统上的任意文件。 使用标准Claude Code自动更新的用户将自动收到此修复。手动更新的用户建议更新到最新版本。感谢Adam Chester - SpecterOps报告此问题!