Executive Summary

CVE-2025-54603 is a critical vulnerability in Claroty Secure Access versions 3.3.0 through 4.0.2 when using OpenID Connect (OIDC) authentication. It involves an incorrect OIDC authentication flow that can allow an attacker to create unauthorized user accounts or impersonate existing OIDC users. In some configurations, the attacker can even add themselves to the built-in 'Administrators' group, gaining administrative privileges within the application. [1]

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can severely impact you by allowing unauthorized users to gain access to your Claroty Secure Access system. Attackers could create new user accounts without permission or impersonate legitimate users, potentially leading to unauthorized access to sensitive systems. If attackers add themselves to the 'Administrators' group, they could gain full administrative control, compromising the security and integrity of your environment. [1]

Useful 0 Not Useful 0

Detection Guidance

Detection involves verifying if your Claroty Secure Access deployment is running a vulnerable version (3.3.0 through 4.0.2) with OIDC authentication configured currently or previously. Since no public exploits or proof-of-concept code are known, direct detection commands are not provided. You should check the Claroty Secure Access version and review OIDC configuration settings to identify potential exposure. [1]

Useful 0 Not Useful 0

Mitigation Strategies

Immediate mitigation steps include upgrading Claroty Secure Access to fixed versions 3.7 or 4.0.2 available through the Claroty customer portal. If you are running other affected versions, contact Claroty support for remediation guidance. Additionally, review and possibly disable or reconfigure OIDC authentication until the patch is applied to prevent unauthorized user creation or impersonation. [1]

Useful 0 Not Useful 0