PT-2025-44091 · Unknown · Microclaudia

Published: 2025-10-28 · Updated: 2025-11-10 · CVE-2025-41090

CVSS v4.0: 7.6 (High)

Vector: AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions: microCLAUDIA versions prior to 3.2.0

Description: An improper access control issue exists in microCLAUDIA. An authenticated user can perform unauthorized actions on other organizations' systems by sending direct API requests. Attackers can leverage organization identifiers obtained through compromised endpoints or manual deduction to exploit this flaw. This allows cross-tenant access, enabling actions such as listing and managing remote assets, uninstalling agents, and deleting vaccine configurations. The affected API endpoints are not specified. The vulnerable parameter is the organization identifier.

Recommendations: Update to a version newer than 3.2.0.

Fix

Missing Authentication

Weakness Enumeration

Related Identifiers: CVE-2025-41090

Affected Products: Microclaudia