CVE-2025-57755

HIGH

Musistudio Claude-code-router < 1.0.34 - Information Disclosure

Title source: rule

Description

claude-code-router is a powerful tool to route Claude Code requests to different models and customize any request. Due to improper Cross-Origin Resource Sharing (CORS) configuration, there is a risk that user API Keys or equivalent credentials may be exposed to untrusted domains. Attackers could exploit this misconfiguration to steal credentials, abuse accounts, exhaust quotas, or access sensitive data. The issue has been patched in v1.0.34.

Scores

CVSS v4 8.1
EPSS 0.0007
EPSS Percentile 22.2%
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE
CWE-200 CWE-942
Status published
Products (2)
musistudio/claude-code-router 0 - 1.0.34 (npm)
musistudio/claude-code-router < 1.0.34
Published Aug 21, 2025
Tracked Since Feb 18, 2026