CVE-2025-57755

claude-code-router is a powerful tool to route Claude Code requests to different models and customize any request. Due to improper Cross-Origin Resource Sharing (CORS) configuration, there is a risk that user API Keys or equivalent credentials may be exposed to untrusted domains. Attackers could exploit this misconfiguration to steal credentials, abuse accounts, exhaust quotas, or access sensitive data. The issue has been patched in v1.0.34.
CVSS

No CVSS.

Configurations

No configuration.

History

22 Aug 2025, 18:08

Type Values Removed Values Added
Summary
  • (es) Claude-code-router es una potente herramienta para enrutar solicitudes de Claude Code a diferentes modelos y personalizar cualquier solicitud. Debido a una configuración incorrecta de Cross-Origin Resource Sharing (CORS), existe el riesgo de que las claves API de usuario o credenciales equivalentes queden expuestas a dominios no confiables. Los atacantes podrían aprovechar esta configuración incorrecta para robar credenciales, abusar de las cuentas, agotar las cuotas o acceder a datos confidenciales. El problema se ha corregido en la versión 1.0.34.

21 Aug 2025, 17:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-08-21 17:15

Updated : 2025-08-22 18:08


NVD link : CVE-2025-57755

Mitre link : CVE-2025-57755

CVE.ORG link : CVE-2025-57755


JSON object : View

Products Affected

No product.

CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

CWE-942

Permissive Cross-domain Policy with Untrusted Domains