CWE-942
Permissive Cross-domain Security Policy with Untrusted Domains
The product uses a web-client protection mechanism such as a Content Security Policy (CSP) or cross-domain policy file, but the policy includes untrusted domains with which the web client is allowed to communicate.
CVE-2025-25264 (GCVE-0-2025-25264)
Vulnerability from cvelistv5
Published
2025-06-16 09:45
Modified
2025-07-04 07:32
CWE
- CWE-942 - Permissive Cross-domain Policy with Untrusted Domains
Summary
An unauthenticated remote attacker can take advantage of the current overly permissive CORS policy to gain access and read the responses, potentially exposing sensitive data or enabling further attacks.
References
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-25264", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-06-16T18:15:48.127204Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-16T18:15:58.245Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "CC100 0751-9x01", "vendor": "WAGO", "versions": [ { "lessThan": "04.07.01 (FW29)", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "CC100 0751-9x01", "vendor": "WAGO", "versions": [ { "lessThan": "04.07.01 (70", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "PFC100 G1 0750-810x/xxxx-xxxx", "vendor": "WAGO", "versions": [ { "lessThan": "3.10.11 (FW22 Patch 2)", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "PFC100 G2 0750-811x-xxxx-xxxx", "vendor": "WAGO", "versions": [ { "lessThan": "04.07.01 (70)", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "PFC200 G1 750-820x-xxx-xxx", "vendor": "WAGO", "versions": [ { "lessThan": "3.10.11 (FW22 Patch 2)", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "PFC200 G2 750-821x-xxx-xxx", "vendor": "WAGO", "versions": [ { "lessThan": "04.07.01 (FW29)", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "PFC200 G2 750-821x-xxx-xxx", "vendor": "WAGO", "versions": [ { "lessThan": "04.07.01 (70)", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { 
"defaultStatus": "unaffected", "product": "TP600 0762-420x/8000-000x", "vendor": "WAGO", "versions": [ { "lessThan": "04.07.01 (FW29)", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "TP600 0762-420x/8000-000x", "vendor": "WAGO", "versions": [ { "lessThan": "04.07.01 (70)", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "TP600 0762-430x/8000-000x", "vendor": "WAGO", "versions": [ { "lessThan": "04.07.01 (FW29)", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "TP600 0762-430x/8000-000x", "vendor": "WAGO", "versions": [ { "lessThan": "04.07.01 (70)", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "TP600 0762-520x/8000-000x", "vendor": "WAGO", "versions": [ { "lessThan": "04.07.01 (FW29)", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "TP600 0762-520x/8000-000x", "vendor": "WAGO", "versions": [ { "lessThan": "04.07.01 (70)", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "TP600 0762-530x/8000-000x", "vendor": "WAGO", "versions": [ { "lessThan": "04.07.01 (FW29)", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "TP600 0762-530x/8000-000x", "vendor": "WAGO", "versions": [ { "lessThan": "04.07.01 (70)", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "TP600 0762-620x/8000-000x", "vendor": "WAGO", "versions": [ { "lessThan": "04.07.01 (FW29)", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "TP600 0762-620x/8000-000x", "vendor": "WAGO", "versions": [ { 
"lessThan": "04.07.01 (70)", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "TP600 0762-630x/8000-000x", "vendor": "WAGO", "versions": [ { "lessThan": "04.07.01 (FW29)", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "TP600 0762-630x/8000-000x", "vendor": "WAGO", "versions": [ { "lessThan": "04.07.01 (70)", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "Edge Controller 0752-8303/8000-0002", "vendor": "WAGO", "versions": [ { "lessThan": "04.07.01 (FW29)", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "Edge Controller 0752-8303/8000-0002", "vendor": "WAGO", "versions": [ { "lessThan": "04.07.01 (70)", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "An unauthenticated remote attacker can take advantage of the current overly permissive CORS policy to gain access and read the responses, potentially exposing sensitive data or enabling further attacks." } ], "value": "An unauthenticated remote attacker can take advantage of the current overly permissive CORS policy to gain access and read the responses, potentially exposing sensitive data or enabling further attacks." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-942", "description": "CWE-942 Permissive Cross-domain Policy with Untrusted Domains", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-07-04T07:32:47.814Z", "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE" }, "references": [ { "url": "https://certvde.com/en/advisories/VDE-2025-018/" } ], "source": { "advisory": "VDE-2025-018", "defect": [ "CERT@VDE#641748" ], "discovery": "UNKNOWN" }, "title": "Overly Permissive CORS Policy in WAGO Device Manager", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "assignerShortName": "CERTVDE", "cveId": "CVE-2025-25264", "datePublished": "2025-06-16T09:45:31.613Z", "dateReserved": "2025-02-06T12:30:08.317Z", "dateUpdated": "2025-07-04T07:32:47.814Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-27909 (GCVE-0-2025-27909)
Vulnerability from cvelistv5
Published
2025-08-18 14:00
Modified
2025-08-18 14:12
CWE
- CWE-942 - Permissive Cross-domain Policy with Untrusted Domains
Summary
IBM Concert Software 1.0.0 through 1.1.0 uses cross-origin resource sharing (CORS) which could allow an attacker to carry out privileged actions as the domain name is not being limited to only trusted domains.
References
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7242354 | vendor-advisory, patch |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| IBM | Concert Software | 1.0.0 ≤ 1.1.0 (cpe:2.3:a:ibm:concert:1.0.0:*:*:*:*:*:*:*, cpe:2.3:a:ibm:concert:1.0.1:*:*:*:*:*:*:*) |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-27909", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-08-18T14:12:23.680897Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-08-18T14:12:36.834Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:ibm:concert:1.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:concert:1.0.1:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "Concert Software", "vendor": "IBM", "versions": [ { "lessThanOrEqual": "1.1.0", "status": "affected", "version": "1.0.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Concert Software 1.0.0 through 1.1.0 uses cross-origin resource sharing (CORS) which could allow an attacker to carry out privileged actions as the domain name is not being limited to only trusted domains." } ], "value": "IBM Concert Software 1.0.0 through 1.1.0 uses cross-origin resource sharing (CORS) which could allow an attacker to carry out privileged actions as the domain name is not being limited to only trusted domains." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-942", "description": "CWE-942 Permissive Cross-domain Policy with Untrusted Domains", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-08-18T14:00:31.751Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory", "patch" ], "url": "https://www.ibm.com/support/pages/node/7242354" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Concert Software cross-origin resource sharing", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2025-27909", "datePublished": "2025-08-18T14:00:31.751Z", "dateReserved": "2025-03-10T17:14:11.136Z", "dateUpdated": "2025-08-18T14:12:36.834Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-57755 (GCVE-0-2025-57755)
Vulnerability from cvelistv5
Published
2025-08-21 16:21
Modified
2025-08-21 17:31
CWE
Summary
claude-code-router is a powerful tool to route Claude Code requests to different models and customize any request. Due to improper Cross-Origin Resource Sharing (CORS) configuration, there is a risk that user API Keys or equivalent credentials may be exposed to untrusted domains. Attackers could exploit this misconfiguration to steal credentials, abuse accounts, exhaust quotas, or access sensitive data. The issue has been patched in v1.0.34.
References
| URL | Tags |
|---|---|
| https://github.com/musistudio/claude-code-router/security/advisories/GHSA-8hmm-4crw-vm2c | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| musistudio | claude-code-router | < 1.0.34 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-57755", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-08-21T17:23:11.558909Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-08-21T17:31:44.119Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "claude-code-router", "vendor": "musistudio", "versions": [ { "status": "affected", "version": "\u003c 1.0.34" } ] } ], "descriptions": [ { "lang": "en", "value": "claude-code-router is a powerful tool to route Claude Code requests to different models and customize any request. Due to improper Cross-Origin Resource Sharing (CORS) configuration, there is a risk that user API Keys or equivalent credentials may be exposed to untrusted domains. Attackers could exploit this misconfiguration to steal credentials, abuse accounts, exhaust quotas, or access sensitive data. The issue has been patched in v1.0.34." 
} ], "metrics": [ { "cvssV4_0": { "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 8.1, "baseSeverity": "HIGH", "privilegesRequired": "NONE", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-942", "description": "CWE-942: Permissive Cross-domain Policy with Untrusted Domains", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-08-21T16:21:33.485Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/musistudio/claude-code-router/security/advisories/GHSA-8hmm-4crw-vm2c", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/musistudio/claude-code-router/security/advisories/GHSA-8hmm-4crw-vm2c" } ], "source": { "advisory": "GHSA-8hmm-4crw-vm2c", "discovery": "UNKNOWN" }, "title": "claude-code-router CORS. misconfiguration" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2025-57755", "datePublished": "2025-08-21T16:21:33.485Z", "dateReserved": "2025-08-19T15:16:22.916Z", "dateUpdated": "2025-08-21T17:31:44.119Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Mitigation
Phases: Architecture and Design, Operation
Strategy: Attack Surface Reduction
Description:
- Define a restrictive Content Security Policy [REF-1486] or cross-domain policy file.
Mitigation
Phases: Architecture and Design, Operation
Strategy: Attack Surface Reduction
Description:
- Avoid using wildcards in the CSP / cross-domain policy file. Any domain matching the wildcard expression will be implicitly trusted, and can perform two-way interaction with the target server.
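The first two mitigations (a restrictive policy, no wildcard trust) are shown in code in the added JavaScript example below. It is not code from the CWE entry or from any of the vendors or projects in the advisories above; the origins in `TRUSTED_ORIGINS` and the CSP strings are constructed sample values. It contrasts the weak CORS pattern the CWE describes (echoing whatever `Origin` the browser sends, with credentials) with an exact-match allow-list, and adds a small linter that flags wildcard source expressions in a Content-Security-Policy header value.

```javascript
// Added example (not from the CWE entry or any advisory on this page):
// CORS origin handling with an explicit allow-list, plus a CSP wildcard lint.
// All origins and policy strings below are constructed sample values.

// Constructed allow-list: the only origins that may read authenticated responses.
const TRUSTED_ORIGINS = new Set([
  "https://app.example",   // constructed: the product's own web UI
  "https://admin.example", // constructed: an internal admin front-end
]);

// Weak pattern (CWE-942): the request's Origin is reflected and credentials are
// allowed, so any site the user visits can read responses from this server.
function permissiveCorsHeaders(requestOrigin) {
  return {
    "Access-Control-Allow-Origin": requestOrigin,
    "Access-Control-Allow-Credentials": "true",
  };
}

// Hardened version: exact-match allow-list, no prefix/suffix/wildcard matching,
// and missing or "null" origins are rejected. Returns null when the response
// must carry no CORS headers at all.
function strictCorsHeaders(requestOrigin) {
  if (typeof requestOrigin !== "string" || requestOrigin === "null") return null;
  let parsed;
  try {
    parsed = new URL(requestOrigin);
  } catch {
    return null; // not a well-formed origin
  }
  // A real Origin header is exactly scheme://host[:port]; reject anything with
  // a path, query, fragment or other decoration that does not round-trip.
  if (parsed.origin !== requestOrigin) return null;
  if (!TRUSTED_ORIGINS.has(parsed.origin)) return null;
  return {
    "Access-Control-Allow-Origin": parsed.origin,
    "Access-Control-Allow-Credentials": "true",
    // Vary on Origin so a shared cache never serves one origin's header to another.
    "Vary": "Origin",
  };
}

// Flag CSP source expressions the second mitigation warns against: a bare "*"
// or a "*."-prefixed host, which implicitly trusts every matching domain.
// Returns [{ directive, source }] for each finding.
function findWildcardSources(cspHeaderValue) {
  const findings = [];
  for (const rawDirective of cspHeaderValue.split(";")) {
    const tokens = rawDirective.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const [directive, ...sources] = tokens;
    for (const source of sources) {
      // Strip an optional scheme so "https://*.example" is checked by host.
      const host = source.replace(/^[a-z][a-z0-9+.-]*:\/\//i, "");
      if (host === "*" || host.startsWith("*.")) {
        findings.push({ directive: directive.toLowerCase(), source });
      }
    }
  }
  return findings;
}

// Stand-alone demonstration on constructed inputs.
if (typeof require !== "undefined" && require.main === module) {
  for (const origin of ["https://app.example", "https://app.example.evil.test", "null"]) {
    console.log(origin, "->", JSON.stringify(strictCorsHeaders(origin)));
  }
  console.log(findWildcardSources("default-src 'self'; connect-src https://*.example 'self'; img-src *"));
}
```

`strictCorsHeaders` is the shape of check a reverse proxy or middleware should apply before emitting `Access-Control-Allow-Origin`; the `Set` lookup is deliberately exact, since substring or regex matching is how "*.example" allow-lists end up trusting "app.example.evil.test". `findWildcardSources` only inspects host wildcards, not port wildcards or scheme-only sources, which an operator would review by hand.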
Mitigation
Phases: Architecture and Design, Operation
Strategy: Environment Hardening
Description:
- For Flash, modify crossdomain.xml to use meta-policy options such as 'master-only' or 'none' to reduce the possibility of an attacker planting extraneous cross-domain policy files on a server.
No CAPEC attack patterns related to this CWE.