Is CVE-2025-59532 in the CISA Known Exploited Vulnerabilities catalog?

CVE-2025-59532 is not currently listed in the CISA KEV catalog.

Vulnerability intelligence

CVE-2025-59532

CVE-2026-22708, CVSS 7.8. A crafted GitHub issue description caused Claude Code's GitHub Action to read CI/CD secrets from /proc/self/environ. Patched in v1.0.94. The tools building the web have the same vulnerabilities as the web itself.

2025

What WebPulse reported · 1 analysis

Claude Code GitHub Action Had a Prompt Injection Flaw. A Malicious Issue Title Could Read Your CI/CD Secrets.

CVE-2026-22708, CVSS 7.8. A crafted GitHub issue description caused Claude Code's GitHub Action to read CI/CD secrets from /proc/self/environ. Patched in v1.0.9

June 14, 2026

View CVE-2025-59532 on the NIST National Vulnerability Database →

Related vulnerabilities

CVE-2025-71338 CVE-2025-71336 CVE-2025-71327 CVE-2025-67644 CVE-2025-4322 CVE-2025-29927 CVE-2025-55182 CVE-2025-54236