CVE-2025-57755

Impact

Due to improper Cross-Origin Resource Sharing (CORS) configuration, there is a risk that user API Keys or equivalent credentials may be exposed to untrusted domains. Attackers could exploit this misconfiguration to steal credentials, abuse accounts, exhaust quotas, or access sensitive data.

Patches

The issue has been patched in v1.0.34.

Published: Aug 21, 2025
Updated: Aug 22, 2025
CVE: CVE-2025-57755
GHSA: GHSA-8hmm-4crw-vm2c
Severity: High
Exploit:

CVSS v3:

Severity: Unknown
Score:
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N

CWEs:

CWE-200
CWE-942

Affected Software
References

Software	From	Fixed in
@musistudio / claude-code-router	-	1.0.34

https://github.com/musistudio/claude-code-router/issues/549
https://github.com/musistudio/claude-code-router/security/advisories/GHSA-8hmm-4crw-vm2c

Vulnerability Database

CVE-2025-57755

Impact

Patches