CVE-2025-54955

Published
View on NVD ↗
CVSS v3
8.1
HIGH
CVSS v2
N/A
Affected
2
PROJECTS

Description

OpenNebula Community Edition (CE) before 7.0.0 and Enterprise Edition (EE) before 6.10.3 have a critical FireEdge race condition that can lead to full account takeover. By exploiting this, an unauthenticated attacker can obtain a valid JSON Web Token (JWT) belonging to a legitimate user without knowledge of their credentials.

OpenNebula/one
OpenNebula/one
The open source Cloud & Edge Computing Platform bringing real freedom to your Enterprise Cloud 🚀
GitHubGitHub
1.7K
Stolichnayer/OpenNebula-Account-Takeover
Stolichnayer/OpenNebula-Account-Takeover
OpenNebula contains a Race Condition vulnerability in the login process, allowing attackers to brute-force login and steal a legitimate user’s JSON Web Token (JWT), leading to Account Takeover.
GitHubGitHub
1