Letting Claude Code Into the Terminal: From Installation to CVE Analysis
Introduction
Security work lives in the space between theory and reality. CVE databases describe vulnerabilities in idealized terms, but real systems are messy, inconsistent, and full of mitigating factors that scanners rarely understand. This gap between “listed as vulnerable” and “actually exploitable” is where human judgment usually steps in. Recently, I explored whether that judgment could be meaningfully augmented by an AI that doesn’t just talk about commands, but can execute them, read the results, and adapt its reasoning in real time.
Claude Code sits precisely in that space. It is not a hacking tool and it is not an automated scanner. Instead, it is a language model wired into a terminal environment with explicitly scoped permissions. The goal of this post is to walk through installing Claude Code and using it to analyze whether a system may be affected by a specific vulnerability, CVE-2025-664781 2 3, without turning the exercise into exploit theater. The emphasis is on reasoning, evidence, and restraint.
Installation
Installing Claude Code is refreshingly uneventful, which is exactly what you want when introducing AI into a security workflow. The tool is distributed via command line https://claude.com/product/claude-code, using an API key or subscription (Pro) for model access while keeping execution under your control.
The official Claude Code product page highlighting its focus on terminal- and IDE-based workflows, along with the one-line installation command using
curl | bash.
Claude Code product page
Successful installation of Claude Code via the official installer script, displaying the installed version and binary location on the local system.
Claude Code installation on Kali Linux
After installing the package globally and setting the required environment variable for authentication, Claude Code initializes itself within a chosen working directory.
Claude Code onboarding screen prompting the user to select a preferred terminal theme before starting an interactive session.
Initial terminal appearance setup
Claude Code requests the login method, allowing authentication either through a Claude subscription account or via the Anthropic Console with API usage billing.
Authentication method selection
OAuth authorization flow in the browser to securely connect Claude Code with the user’s Claude account.
Browser-based account authorization
Claude Code prompts the user to confirm trust for the selected working directory, emphasizing security boundaries and controlled file access.
Workspace trust confirmation
The main Claude Code interface after successful login, showing version information, active model, working directory, and startup tips.
Claude Code welcome dashboard
During initialization, a configuration file is created that defines the boundaries of Claude’s access. This includes which directories it can read from or write to and whether it is allowed to execute shell commands. These constraints are not optional details; they are the core safety mechanism. Claude Code is powerful precisely because it is limited. You decide the sandbox, and the model operates strictly within it.
Overview of available Claude Code commands, including configuration, diagnostics, agent management, and session export.
Built-in commands and features
The agents menu where users can view built-in agents or create specialized sub-agents for tasks such as security review or code analysis.
Agent management interface
The interface for defining a new custom agent, allowing the user to specify its role and intended use within a project.
Creating a new agent
Selecting All Tools
Creating the description of an new agent
Successful create an new agent
Once initialized, starting Claude Code opens an interactive session that feels less like a chatbot and more like a quiet analyst sitting beside you, waiting for a well-formed task.
Usage
With Claude Code fully set up and running inside the terminal, the next step is to use it as a guided assistant to follow and understand the proof-of-concept workflow provided in the CVE-2025-55182 repository4 5. This repository 4 5 documents a practical method for validating whether a target system is affected, and it serves as a solid baseline for structured vulnerability testing rather than blind exploitation.
The React2Shell proof-of-concept application 4 5 running on localhost:3000, intentionally built with vulnerable React Server Components and Next.js versions to simulate real-world RCE scenarios.
React2Shell vulnerable test application
The session begins by asking Claude Code to familiarize itself with the vulnerability context described in the repository 4 5 . Claude is prompted to review the affected software component, the vulnerable functionality, and the conditions required for the issue to manifest.
Claude Code fetches and inspects the application response from localhost:3000, identifying indicators of a vulnerable Next.js and React Server Components setup.
Claude Code reports two critical vulnerabilities, CVE-2025-551821 2 3 and CVE-2025-664781 2 3, affecting React Server Components and the Next.js App Router integration.
Initial vulnerability reconnaissance using Claude Code
Detailed explanation of the unsafe deserialization flaw in the React Server Components “Flight” protocol, which enables arbitrary code execution when malicious payloads are processed.
Claude Code retrieves and reviews the public proof-of-concept repository for CVE-2025-55182 1 2 3 to validate exploitation logic and prerequisites.
Identified critical vulnerabilities
Once the vulnerability scope is clear, Claude Code is used to help reproduce the initial validation steps outlined in the tutorial. The repository demonstrates how to prepare the testing environment, including identifying the relevant service or application endpoint and confirming that the target version falls within the affected range. Claude executes supporting commands directly in the terminal to verify versions, confirm service availability, and ensure the environment matches the assumptions made by the PoC.
Claude Code detects the presence of Nuclei on the system and uses a dedicated CVE-2025-55182 1 2 3 template to confirm exploitability.
Automated validation using Nuclei scanner
A series of crafted POST requests sent to the Next.js application, testing for server-side execution behavior and response anomalies.
Vulnerability confirmation summary
Claude Code generates a full curl-based proof-of-concept payload demonstrating how arbitrary commands can be injected via the vulnerable RSC endpoint.
Exploit payload construction with curl (1)
Exploit payload construction with curl (2)
During testing, Claude Code continuously correlates live output with the expected results documented in the repository. If the observed behavior matches the vulnerable pattern, Claude highlights the specific indicators that support that conclusion. If the behavior differs, it explains which prerequisite may be missing or which configuration detail could be preventing exploitation. This reflective loop helps avoid false positives, a common issue when running PoCs without full context.
Execution of the crafted payload results in command output returned within the application response, confirming successful remote code execution on the target system.
Successful remote command execution
By the end of the process, Claude Code assists in summarizing the findings in plain technical language. The conclusion is framed around evidence gathered during testing, explicitly referencing which conditions from the tutorial were met and which were not.
Security Notes
Allowing an AI to execute commands locally deserves caution, even in a controlled lab. Claude Code mitigates risk by requiring explicit permission boundaries, but responsibility still sits with the operator. The tool should only be used in environments you own or are authorized to test, and its access should be limited to the minimum necessary to complete the task.
It’s also important to understand what Claude Code is not. It does not verify exploits, bypass ethical constraints, or understand organizational risk context. It reasons based on observable evidence and known vulnerability descriptions. That makes it well-suited for triage and analysis, but not for final decision-making or unsupervised operation.
Used thoughtfully, Claude Code becomes a force multiplier for careful work. Used carelessly, it becomes a faster way to misunderstand a system. The difference lies entirely in how tightly you define its role.
Conclusion
Analyzing CVE-2025-66471 2 3 with Claude Code reinforced a simple truth: the most valuable part of vulnerability assessment is not the command output, but the reasoning wrapped around it. Claude Code does not replace expertise, but it does externalize and accelerate a particular kind of thinking—the kind that checks assumptions, explains uncertainty, and treats CVEs as conditional statements rather than absolute truths.
This experiment wasn’t about proving that AI can hack systems. It was about seeing whether AI can think alongside us while we do security work the right way. In that role, Claude Code shows real promise. It doesn’t claim certainty where none exists, and it treats the terminal not as a performance stage, but as an evidence source.
That restraint is exactly what modern security tooling needs more of.
References
-
CVE-2025-55182 - https://nvd.nist.gov/vuln/detail/CVE-2025-55182 ↩︎ ↩︎2 ↩︎3 ↩︎4 ↩︎5 ↩︎6
-
Security Advisory: CVE-2025-66478 - https://nextjs.org/blog/CVE-2025-66478 ↩︎ ↩︎2 ↩︎3 ↩︎4 ↩︎5 ↩︎6
-
Security Advisory: Critical RCE Vulnerabilities in React Server Components & Next.js (CVE-2025-55182 / CVE-2025-66478) - https://dev.to/snyk/security-advisory-critical-rce-vulnerabilities-in-react-server-components-nextjs-3lef ↩︎ ↩︎2 ↩︎3 ↩︎4 ↩︎5 ↩︎6
-
Docker poc lab for CVE-2025-55182 / CVE-2025-66478 (React2Shell) detection and exploitation – https://github.com/l4rm4nd/CVE-2025-55182 ↩︎ ↩︎2 ↩︎3 ↩︎4
-
Next.js RSC RCE Scanner and POC (CVE-2025-66478) – https://github.com/Malayke/Next.js-RSC-RCE-Scanner-CVE-2025-66478 ↩︎ ↩︎2 ↩︎3 ↩︎4