Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2025-54955
PUBLISHED
More InfoOfficial Page
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
View Known Exploited Vulnerability (KEV) details
Published At-02 Aug, 2025 | 00:00
Updated At-04 Aug, 2025 | 15:20
Rejected At-
▼CVE Numbering Authority (CNA)

OpenNebula Community Edition (CE) before 7.0.0 and Enterprise Edition (EE) before 6.10.3 have a critical FireEdge race condition that can lead to full account takeover. By exploiting this, an unauthenticated attacker can obtain a valid JSON Web Token (JWT) belonging to a legitimate user without knowledge of their credentials.

Affected Products
Vendor
OpenNebula
Product
OpenNebula
Default Status
unaffected
Versions
Affected
  • From Enterprise Edition before 6.10.3 (custom)
  • From Community Edition before 7.0.0 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-362CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Type: CWE
CWE ID: CWE-362
Description: CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Metrics
VersionBase scoreBase severityVector
3.18.1HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 8.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/OpenNebula/one
N/A
https://github.com/Stolichnayer/OpenNebula-Account-Takeover
N/A
https://docs.opennebula.io/6.10/intro_release_notes/release_notes_enterprise/resolved_issues_6103.html
N/A
https://github.com/OpenNebula/one/releases/tag/release-7.0.0
N/A
https://github.com/OpenNebula/one/commit/81058d9705e7ac619d294423de28b76d88f613b6
N/A
Hyperlink: https://github.com/OpenNebula/one
Resource: N/A
Hyperlink: https://github.com/Stolichnayer/OpenNebula-Account-Takeover
Resource: N/A
Hyperlink: https://docs.opennebula.io/6.10/intro_release_notes/release_notes_enterprise/resolved_issues_6103.html
Resource: N/A
Hyperlink: https://github.com/OpenNebula/one/releases/tag/release-7.0.0
Resource: N/A
Hyperlink: https://github.com/OpenNebula/one/commit/81058d9705e7ac619d294423de28b76d88f613b6
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/Stolichnayer/OpenNebula-Account-Takeover
exploit
Hyperlink: https://github.com/Stolichnayer/OpenNebula-Account-Takeover
Resource:
exploit
Details not found