EUVD-2025-36443

ID: EUVD-2025-36443

Severity: high

CVSS v4: 7.6 (CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N)

CVSS v3: Not provided

CWE: None listed

Source: ENISA

Description

microCLAUDIA in v3.2.0 and prior has an improper access control vulnerability. This flaw allows an authenticated user to perform unauthorized actions on other organizations' systems by sending direct API requests. To do so, the attacker can use organization identifiers obtained through a compromised endpoint or deduced manually. This vulnerability allows access between tenants, enabling an attacker to list and manage remote assets, uninstall agents, and even delete vaccines configurations.

Timestamps

Normalized: 2025-12-31T11:32:34Z UTC
Last updated: 2025-12-31T11:31:24Z UTC

References

No references provided.

VulnAI

EUVD-2025-36443

Description

Timestamps

References