CVE-2025-41090
BaseFortify
Publication date: 2025-10-28
Last updated on: 2025-10-30
Assigner: Spanish National Cybersecurity Institute, S.A. (INCIBE)
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ccn-cert | microclaudia | 3.2.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in microCLAUDIA v3.2.0 and prior is an improper access control flaw that allows an authenticated user to perform unauthorized actions on other organizations' systems by sending direct API requests. Attackers can exploit this by using organization identifiers obtained through a compromised endpoint or deduced manually, enabling cross-tenant access.
How can this vulnerability impact me?
The vulnerability can impact you by allowing an attacker to list and manage remote assets, uninstall agents, and delete vaccine configurations on systems belonging to other organizations. This unauthorized access and control can lead to significant operational disruption and potential data loss.