Home

Blogs

CVE-2025-66479: The CVE That Claude Code Never Got

CVE-2025-66479: Anthropic's Silent Fix and the CVE That Claude Code Never Got

allowedDomains: [], “Empty array = no network access.” — Anthropic Sandbox Runtime Documentation The implementation did not match the documentation. When I configured Claude Code’s sandbox with allowedDomains: [], expecting complete network isolation, the sandbox was wide open and allowed connections to any server on the internet. Anthropic patched this quietly in Claude Code v2.0.55 with a changelog entry saying “Fix proxy DNS resolution” — no mention of a critical security flaw. They assigned CVE-2025-66479 to their runtime library but did not assign a CVE to their flagship product Claude Code. The changelog did not include a security advisory. In practice, the issue was fixed quietly and most users were unlikely to realize there was a security patch. ...

December 3, 2025 · 6 min · 1138 words · Aonan Guan

Three Dots to Root: How I Found a Path Traversal in Microsoft's Agentic Web (NLWeb)

Discovered a classic path traversal vulnerability in Microsoft’s new Agentic Web protocol (NLWeb) that could expose sensitive files including API keys, credentials, and configuration files. The vulnerability was particularly critical as it could compromise AI agents’ “cognitive engines” by leaking LLM API keys. The research was featured in an exclusive interview with The Verge and subsequently covered by 30+ international media outlets across 15+ countries in 10+ languages, including PCWorld, IT Pro, Neowin, Tom’s Guide, CIO Korea, 3DNews Russia, iSpazio Italy, and Dagens AI Denmark. ...

August 6, 2025 · 1 min · 93 words · Aonan Guan