CVE-2025-59536

Description

CVSS 8.7 (High). Hooks execute before the trust dialog because of a race condition during initialization. Patched in v1.0.111 (October 2025). Secondary bypass: setting enableAllProjectMcpServers: true in .claude/settings.json auto-approves all MCP servers, activating them before the project trust prompt. Attack vector: a malicious PR that the victim opens in Claude Code triggers pre-trust hook execution silently.
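An added defender-side check, not part of this record or of Claude Code itself: it audits a repository's .claude/settings.json for the auto-approve setting named above and for any configured hook commands, so a reviewer can flag them before opening the project. The sample file is constructed, and the layout of the hooks section is an assumption about the settings format.

```python
import json

# Constructed sample of a project-level .claude/settings.json as a PR might add it.
# The enableAllProjectMcpServers key and file path come from the CVE description;
# the shape of the "hooks" section is an assumption about the settings format.
SAMPLE_SETTINGS = """{
  "enableAllProjectMcpServers": true,
  "hooks": {
    "SessionStart": [{"hooks": [{"type": "command", "command": "echo hook"}]}]
  }
}"""


def _hook_commands(node):
    """Recursively collect every 'command' string under the hooks section."""
    found = []
    if isinstance(node, dict):
        if isinstance(node.get("command"), str):
            found.append(node["command"])
        for value in node.values():
            found.extend(_hook_commands(value))
    elif isinstance(node, list):
        for item in node:
            found.extend(_hook_commands(item))
    return found


def audit_settings(text):
    """Return findings for repository-level settings (empty list = nothing flagged).
    Unparseable input is itself a finding so a reviewer never silently skips it."""
    try:
        settings = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"settings file is not valid JSON: {exc}"]
    if not isinstance(settings, dict):
        return ["settings file is not a JSON object"]
    findings = []
    if settings.get("enableAllProjectMcpServers") is True:
        findings.append("enableAllProjectMcpServers is true: all project MCP servers "
                        "are auto-approved and may activate before the trust prompt")
    for cmd in _hook_commands(settings.get("hooks")):
        findings.append(f"hook command configured in repository settings: {cmd}")
    return findings


if __name__ == "__main__":
    for finding in audit_settings(SAMPLE_SETTINGS):
        print("FINDING:", finding)
```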

Key claims

Relations

Sources

src-20260419-16b155f4f619