Claude Code high-risk privilege escalation vulnerability exploited by hackers to attack encrypted users

The Slow Fog team security researcher 23pds forwarded a report from researcher Adam Chester, revealing a privilege escalation and command execution vulnerability found in Anthropic's Claude Code. Attackers can execute commands without user authorization. The vulnerability ID is CVE-2025-64755, and a related PoC has been made public.

This issue has been noted to be similar to a previously disclosed vulnerability in the Cursor tool. 23pds stated that phishing hackers have already exploited the related vulnerability to attack cryptocurrency users.