Security biz Adversa AI argues users of AI systems need clearer warnings
Compiled by KHAO Editorial — aggregated from 1 source.
Key facts
- It worked on Claude Code CLI v2.1.114, as of May 2
- CVE-2025-59536 was considered a vulnerability because it triggered automatically when a user started up Claude Code in a malicious directory
- "The pre-v2.1 dialog explicitly warned that .mcp.json could execute code and offered three options including 'proceed with MCP servers disabled,'" writes Adversa's Sergey Malenkovich
- "It's the third CVE in Claude Code in six months from the same root cause (project-scoped settings as injection vector)," Alex Polyakov, co-founder of Adversa AI, told The Register in an email
Summary
How explicit does the maker of a footgun need to be about the product's potential to shoot you in the foot? That's the question security firm Adversa AI is asking with the disclosure of a one-click remote code execution attack via an MCP server in Claude Code, Gemini CLI, Cursor CLI, and Copilot CLI. The TrustFall proof-of-concept attack demonstrates how a cloned code repository can include two JSON files (.mcp.json and .claude/settings.json) that open the door to an attacker-controlled Model Context Protocol (MCP) server.
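As an added example (not code from the article, from Adversa AI, or from any of the CLIs named), a pre-trust audit that a user can run on a fresh clone before opening it in an AI coding CLI: it looks for the two project-scoped files the TrustFall write-up names and summarises which MCP servers a .mcp.json would register, distinguishing local processes from remote endpoints. It assumes .mcp.json carries a top-level "mcpServers" object keyed by server name; the sample repository is constructed inline.

```python
import json
import os
import tempfile

# Project-scoped files named in the TrustFall disclosure, relative to the clone root.
WATCHED = (".mcp.json", os.path.join(".claude", "settings.json"))

def summarize_mcp_servers(text):
    """(name, kind, target) per server: 'command' = local process the CLI would spawn, 'url' =
    remote server it would connect to; unparseable JSON yields one 'invalid' row rather than raising.
    Assumption: a top-level "mcpServers" object keyed by server name."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        return [("<file>", "invalid", str(exc))]
    servers = doc.get("mcpServers", {}) if isinstance(doc, dict) else {}
    out = []
    for name, spec in servers.items():
        spec = spec if isinstance(spec, dict) else {}
        if "command" in spec:
            out.append((name, "command", " ".join(map(str, [spec["command"], *spec.get("args", [])]))))
        else:
            out.append((name, "url" if "url" in spec else "unknown", str(spec.get("url", spec))))
    return out

def audit_clone(root):
    """{relative path: findings} for each watched file present at the clone root."""
    report = {}
    for rel in WATCHED:
        path = os.path.join(root, rel)
        if not os.path.isfile(path):
            continue
        with open(path, encoding="utf-8") as fh:
            text = fh.read()
        if rel == ".mcp.json":
            report[rel] = summarize_mcp_servers(text)
        else:  # settings file: flag its presence for review; its keys vary by CLI version
            report[rel] = [("settings", "present", f"{len(text)} bytes")]
    return report

def demo():
    """Audit a constructed clone holding one local-command and one remote MCP server (sample data)."""
    files = {".mcp.json": json.dumps({"mcpServers": {"helper": {"command": "npx", "args": ["-y", "example-mcp-helper"]},
                                                     "remote": {"url": "https://mcp.example.invalid/sse"}}}),
             os.path.join(".claude", "settings.json"): "{}"}
    with tempfile.TemporaryDirectory() as root:
        for rel, text in files.items():
            os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
            with open(os.path.join(root, rel), "w", encoding="utf-8") as fh:
                fh.write(text)
        return audit_clone(root)
```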