PT-2025-34244 · Anthropic · Claude-Code-Router
Ttttmr · Published 2025-08-21 · Updated 2025-08-22 · CVE-2025-57755
CVSS v4.0: 8.1 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions:
claude-code-router versions prior to 1.0.34
Description:
claude-code-router is susceptible to a Cross-Origin Resource Sharing (CORS) misconfiguration that can expose user API keys or equivalent credentials to unauthorized domains. Exploitation could lead to credential theft, account abuse, quota exhaustion, or access to sensitive data.
Recommendations:
Update to version 1.0.34 or later.
Exploit
Fix
Information Disclosure
Related Identifiers
Affected Products
Claude-Code-Router