CVE-2025-54955
BaseFortify

Publication date: 2025-08-03

Last updated on: 2025-08-04

Assigner: MITRE

Description
OpenNebula Community Edition (CE) before 7.0.0 and Enterprise Edition (EE) before 6.10.3 have a critical FireEdge race condition that can lead to full account takeover. By exploiting this, an unauthenticated attacker can obtain a valid JSON Web Token (JWT) belonging to a legitimate user without knowledge of their credentials.
Meta Information
Published: 2025-08-03
Last Modified: 2025-08-04
Generated: 2026-05-27
AI Q&A: 2025-08-03
EPSS Evaluated: 2026-05-25
Affected Vendors & Products
Showing 2 associated CPEs
Vendor | Product | Version / Range
opennebula | opennebula | 6.10.3
opennebula | opennebula | 7.0.0
CWE ID | Description
CWE-362 | The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a critical race condition in FireEdge, affecting OpenNebula Community Edition before 7.0.0 and Enterprise Edition before 6.10.3. It allows an unauthenticated attacker to obtain a valid JSON Web Token (JWT) of a legitimate user without knowing their credentials, effectively leading to full account takeover.


How can this vulnerability impact me?

The vulnerability can lead to a full account takeover by an unauthenticated attacker, meaning they can gain unauthorized access to user accounts and potentially control or manipulate the affected system with the privileges of the compromised user.

