CVE-2025-57755 — @musistudio/claude-code-router has improper CORS configuration

描述

### Impact Due to improper Cross-Origin Resource Sharing (CORS) configuration, there is a risk that user API Keys or equivalent credentials may be exposed to untrusted domains. Attackers could exploit this misconfiguration to steal credentials, abuse accounts, exhaust quotas, or access sensitive data. ### Patches The issue has been patched in v1.0.34.

如何修補 CVE-2025-57755

要修補 CVE-2025-57755,請將受影響套件升級到下列已修補版本。

—升級至 1.0.34 或更新版本

CVE-2025-57755 正在被利用嗎?

低 — EPSS 為 0.1%,目前沒有觀察到大規模利用活動。

受影響套件(1)

from 0, < 1.0.34

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 4.0	—	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
osv	CVSS 3.1	NONE0.0	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N

參考連結(4)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2025-57755
PATCHgithub.com/musistudio/claude-code-router
WEBgithub.com/musistudio/claude-code-router/issues/549
WEBgithub.com/musistudio/claude-code-router/security/advisories/GHSA-8hmm-4crw-vm2c