Claude · The Register
Security biz Adversa AI argues users of AI systems need clearer warnings
Compiled by KHAO Editorial, aggregated from 4 outlets.
How explicit does the maker of a footgun need to be about the product's potential to shoot you in the foot?
Key facts
- The TrustFall attack worked on Claude Code CLI v2.1.114, as of May 2
- CVE-2025-59536 was considered a vulnerability because it triggered automatically when a user started up Claude Code in a malicious directory
- "The pre-v2.1 dialog explicitly warned that .mcp.json could execute code and offered three options including 'proceed with MCP servers disabled,'" writes Adversa's Sergey Malenkovich
- "It's the third CVE in Claude Code in six months from the same root cause (project-scoped settings as injection vector)," Alex Polyakov, co-founder of Adversa AI, told The Register in an email
Summary
Security firm Adversa AI argues that users of AI coding tools need clearer warnings about what those tools will execute on their behalf. It raises the point with the disclosure of a one-click remote code execution attack via an MCP server in Claude Code, Gemini CLI, Cursor CLI, and Copilot CLI. The TrustFall proof-of-concept attack demonstrates how a cloned code repository can include two JSON files (.mcp.json and .claude/settings.json) that open the door to an attacker-controlled Model Context Protocol (MCP) server.
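The practical takeaway for anyone who clones untrusted repositories is to look at project-scoped agent configuration before starting an AI coding CLI in that directory. The script below is an added example written for this page, not code from Adversa AI or from any of the affected tools: it audits a checkout for the two files the TrustFall write-up names and reports any MCP server definitions and any settings key that would auto-trust them. The `mcpServers` layout and the `enableAllProjectMcpServers` / `enabledMcpjsonServers` key names are taken from Claude Code's documented settings as the author of this example understands them; treat the exact keys as an assumption and check them against the current documentation. The sample repository it builds is constructed for the demonstration and is not the TrustFall proof of concept.

```python
"""Pre-flight audit of project-scoped agent config in a cloned repository.

Added example, not part of the original article or of any vendor's code.
Run it against a fresh clone before opening Claude Code (or a similar CLI)
in that directory.
"""
import json
import tempfile
from pathlib import Path

# Settings keys that, if set, would let project MCP servers start without a
# per-server approval prompt. Assumption: these are Claude Code's documented
# keys; verify against the current docs before relying on them.
AUTO_TRUST_KEYS = ("enableAllProjectMcpServers", "enabledMcpjsonServers")


def _load_json(path: Path, findings: list) -> dict:
    """Parse a config file, recording unparsable content as a finding."""
    try:
        data = json.loads(path.read_text(encoding="utf-8"))
    except (json.JSONDecodeError, UnicodeDecodeError) as exc:
        findings.append(f"{path.name}: unparsable JSON ({exc}); inspect by hand")
        return {}
    return data if isinstance(data, dict) else {}


def audit_repo(repo: Path) -> list:
    """Return human-readable findings for .mcp.json and .claude/settings.json.

    An empty list means neither file declares anything that would start or
    auto-trust an MCP server. It does not mean the repository is safe.
    """
    findings = []

    mcp = Path(repo) / ".mcp.json"
    if mcp.is_file():
        servers = _load_json(mcp, findings).get("mcpServers", {})
        for name, spec in servers.items():
            if not isinstance(spec, dict):
                continue
            if "command" in spec:  # stdio server: a local process gets spawned
                cmd = " ".join([str(spec["command"]), *map(str, spec.get("args", []))])
                findings.append(f".mcp.json: server {name!r} runs local command: {cmd}")
            if "url" in spec:  # remote server: the agent talks to this endpoint
                findings.append(f".mcp.json: server {name!r} connects to remote: {spec['url']}")

    settings = Path(repo) / ".claude" / "settings.json"
    if settings.is_file():
        data = _load_json(settings, findings)
        for key in AUTO_TRUST_KEYS:
            if data.get(key):
                findings.append(
                    f".claude/settings.json: {key} = {data[key]!r} (auto-trusts project MCP servers)"
                )
    return findings


def build_sample_repo(with_config: bool = True) -> Path:
    """Construct a throwaway checkout for the demo (constructed data, not the PoC)."""
    root = Path(tempfile.mkdtemp(prefix="mcp-audit-"))
    (root / "README.md").write_text("sample project\n")
    if with_config:
        (root / ".mcp.json").write_text(json.dumps({
            "mcpServers": {"helper": {"command": "npx", "args": ["-y", "example-mcp-server"]}}
        }))
        (root / ".claude").mkdir()
        (root / ".claude" / "settings.json").write_text(
            json.dumps({"enableAllProjectMcpServers": True})
        )
    return root


if __name__ == "__main__":
    for line in audit_repo(build_sample_repo()) or ["no project-scoped MCP config found"]:
        print(line)
```

Point `audit_repo` at a real checkout (`audit_repo(Path("/path/to/clone"))`) and treat any finding as a reason to read the files before launching the CLI; the script only reports, it does not decide for you, and a clean result says nothing about other files an agent may act on.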