CVE-2025-41090

HIGH

microCLAUDIA <3.2.0 - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-41090. PoCs published by TheMalwareGuardian.

AI-analyzed exploit summary: This repository contains a working PoC for CVE-2025-41090, a broken access control vulnerability in microCLAUDIA ≤ 3.2.0. The exploit allows authenticated users to perform unauthorized actions on systems belonging to other organizations by crafting direct API requests.

Description

microCLAUDIA v3.2.0 and prior has an improper access control vulnerability. This flaw allows an authenticated user to perform unauthorized actions on other organizations' systems by sending direct API requests. To do so, the attacker can use organization identifiers obtained through a compromised endpoint or deduced manually. This vulnerability allows access between tenants, enabling an attacker to list and manage remote assets, uninstall agents, and even delete vaccine configurations.

Exploits (1)

nomisec WORKING POC 2 stars
by TheMalwareGuardian · poc
https://github.com/TheMalwareGuardian/brokeCLAUDIA

Classification: Working PoC 90%
Attack Type: Auth Bypass
Complexity: Moderate
Reliability: Reliable
Target: microCLAUDIA ≤ 3.2.0
Auth required
Prerequisites: Valid microCLAUDIA account · Organization identifiers from another organization
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v4: 7.6
EPSS: 0.0028
EPSS Percentile: 19.8%
CVSS v4 Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: total

Details

CWE: CWE-306
Status: published
Products (1): CCN-CERT/microCLAUDIA 3.2.0
Published: Oct 28, 2025
Tracked Since: Feb 18, 2026