Stolichnayer/OpenNebula-Account-Takeover

Releases0

Stars1

OpenNebula contains a Race Condition vulnerability in the login process, allowing attackers to brute-force login and steal a legitimate user’s JSON Web Token (JWT), leading to Account Takeover.

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2025-54955 ↗	Aug 3, 2025Sunday, 3 August 2025, 00:15	8.1 HIGH	—
OpenNebula Community Edition (CE) before 7.0.0 and Enterprise Edition (EE) before 6.10.3 have a critical FireEdge race condition that can lead to full account takeover. By exploiting this, an unauthenticated attacker can obtain a valid JSON Web Token (JWT) belonging to a legitimate user without knowledge of their credentials.