Description

OpenNebula Community Edition (CE) before 7.0.0 and Enterprise Edition (EE) before 6.10.3 have a critical FireEdge race condition that can lead to full account takeover. By exploiting this, an unauthenticated attacker can obtain a valid JSON Web Token (JWT) belonging to a legitimate user without knowledge of their credentials.

INFO

Published Date :

2025-08-02T00:00:00.000Z

Last Modified :

2025-08-02T23:39:43.929Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2025-54955 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-54955.

URL Resource
https://docs.opennebula.io/6.10/intro_release_notes/release_notes_enterprise/resolved_issues_6103.html cve-icon cve-icon
https://github.com/OpenNebula/one cve-icon cve-icon
https://github.com/OpenNebula/one/commit/81058d9705e7ac619d294423de28b76d88f613b6 cve-icon cve-icon
https://github.com/OpenNebula/one/releases/tag/release-7.0.0 cve-icon cve-icon
https://github.com/Stolichnayer/OpenNebula-Account-Takeover cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact