CVE-2025-54603

6.5

Medium

Published:14 Oct 2025

Last updated:17 Jun 2026

Source:cve@mitre.org

Deferred

Weakness (CWE)

CWE-284Improper Access Control

CVSS Vector

v3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: None
Availability: Low

View on MITRE Find PoC on GitHub

Description

An incorrect OIDC authentication flow in Claroty Secure Access 3.3.0 through 4.0.2 can result in unauthorized user creation or impersonation of existing OIDC users.

References

cve@mitre.org

https://claroty.com

cve@mitre.org

https://claroty.com/product-security/oidc-configurations-in-claroty-secure-access