CVE-2025-55796
BaseFortify
Publication date: 2025-11-18
Last updated on: 2025-11-18
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| openml | openml.org | 2.0.20241110 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-400 | The product does not properly control the allocation and maintenance of a limited resource. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves the openml/openml.org web application using predictable MD5-based tokens for important user actions like signup confirmation, password resets, and email change confirmations. The tokens are generated by hashing the current timestamp without any user-specific data or randomness, making them predictable. Attackers can brute-force these tokens within a small time window to perform unauthorized actions such as confirming accounts, resetting passwords, or approving email changes.
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized account confirmation, password resets, and email change approvals by attackers who brute-force the predictable tokens. This can result in account takeover, compromising user accounts and potentially leading to loss of access or control over affected accounts.