CVE-2025-56534
Cross-Site Scripting in OpenNebula Custom Authenticator Driver

Publication date: 2026-04-29

Last updated on: 2026-04-30

Assigner: MITRE

Description
A cross-site scripting (XSS) vulnerability in the custom authenticator driver of opennebula v6.10.0.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
Meta Information
Published: 2026-04-29
Last Modified: 2026-04-30
Generated: 2026-05-06
AI Q&A: 2026-04-29
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 1 associated CPE

| Vendor     | Product    | Version / Range      |
|------------|------------|----------------------|
| opennebula | opennebula | up to 7.0.0 (excluded) |
CWE
CWE-79: The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a cross-site scripting (XSS) issue found in the custom authenticator driver of OpenNebula version 6.10.0.1. It allows attackers to inject and execute arbitrary web scripts or HTML by sending a specially crafted payload.


How can this vulnerability impact me?

An attacker exploiting this vulnerability could execute malicious scripts in the context of the affected web application. This can lead to unauthorized actions, theft of sensitive information such as session tokens or credentials, and potentially compromise the security of users interacting with the application.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The vulnerability is a stored cross-site scripting (XSS) flaw that allows attackers to execute arbitrary scripts in users' browsers, potentially leading to session hijacking and unauthorized access to user data.

Such unauthorized access and potential data exposure could negatively impact compliance with data protection regulations like GDPR and HIPAA, which require safeguarding personal and sensitive information against unauthorized access and breaches.

Mitigating this vulnerability by upgrading to OpenNebula version 7.0 or higher is essential to reduce the risk of non-compliance due to security incidents stemming from this flaw.


Can you explain this vulnerability to me?

CVE-2025-56534 is a stored cross-site scripting (XSS) vulnerability found in the custom authenticator driver of OpenNebula version 6.10.0.1. This flaw allows an attacker to inject malicious web scripts or HTML payloads that are stored and later executed in the browsers of other users when they access the affected component.

For example, an attacker can insert a crafted payload like `<image src=q onerror=prompt(8)>`, which triggers arbitrary JavaScript execution when rendered. This means the attacker can run scripts that could hijack user sessions, deface web pages, or perform other malicious actions.

The vulnerability exists specifically in the opennebula-sunstone component's custom authenticator driver and affects versions prior to OpenNebula 7.0.


How can this vulnerability impact me?

This vulnerability can impact you by allowing attackers to execute arbitrary scripts in the context of your web application users. Potential impacts include:

  • Session hijacking, where attackers steal user session tokens to impersonate legitimate users.
  • Defacement or alteration of web content, damaging the integrity and trustworthiness of your application.
  • Execution of malicious actions on behalf of users, potentially leading to data theft or unauthorized operations.

Overall, this vulnerability compromises the security and trust of the affected OpenNebula deployment until it is patched or upgraded.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability is a stored cross-site scripting (XSS) issue in the custom authenticator driver of OpenNebula version 6.10.0.1. Detection involves identifying if your OpenNebula deployment is running a vulnerable version and if malicious payloads have been injected.

Since the vulnerability is triggered by crafted payloads stored and later rendered in the web interface, detection can include reviewing logs or database entries for suspicious input containing typical XSS payloads such as `<image src=q onerror=prompt(8)>`.

There are no specific commands provided in the resources to detect this vulnerability directly. However, general steps include:

  • Check the OpenNebula version with a command like `one --version` or by inspecting the installed package version.
  • Review web server or application logs for unusual or suspicious input patterns that resemble XSS payloads.
  • Manually inspect the custom authenticator driver inputs or database fields that store user input for malicious scripts.
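As an added example (not code from the advisory or from the OpenNebula project), the following Python script implements the two checks above: it compares a version string against the 7.0.0 fix boundary listed for this CVE and scans log lines or stored field values for the kind of payload described on this page (inline event handlers, script tags, javascript: URLs). The log line format and the function names are assumptions; the sample lines are constructed.

```python
import re
from typing import List, Tuple

# The advisory lists affected versions as "up to 7.0.0 (excluded)".
FIXED_VERSION = (7, 0, 0)

# Patterns typical of CWE-79 payloads such as the one quoted on this page:
# an HTML tag carrying an on*= event handler, a <script> tag, or a javascript: URL.
XSS_PATTERNS = [
    re.compile(r"<\s*script\b", re.IGNORECASE),
    re.compile(r"<\s*[a-z]+[^>]*\bon[a-z]+\s*=", re.IGNORECASE),
    re.compile(r"javascript\s*:", re.IGNORECASE),
]


def parse_version(text: str) -> Tuple[int, ...]:
    """Extract the first x.y.z version from text such as 'OpenNebula 6.10.0.1'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no version number found in {text!r}")
    return tuple(int(part) for part in m.groups())


def is_affected(version_text: str) -> bool:
    """True when the installed version is below the fixed release (7.0.0)."""
    return parse_version(version_text) < FIXED_VERSION


def find_xss_candidates(lines: List[str]) -> List[Tuple[int, str]]:
    """Return (line number, line) for each line matching an XSS-like pattern."""
    hits = []
    for number, line in enumerate(lines, start=1):
        if any(pattern.search(line) for pattern in XSS_PATTERNS):
            hits.append((number, line))
    return hits


# Constructed sample lines (hypothetical format, not real OpenNebula log output).
# Line 4 mentions "onerror" outside any tag and must not be flagged.
SAMPLE_LINES = [
    "Sun Apr 27 10:02:11 2026 [I]: auth request user=alice driver=custom",
    "Sun Apr 27 10:02:12 2026 [I]: auth request user=<image src=q onerror=prompt(8)> driver=custom",
    "Sun Apr 27 10:03:40 2026 [I]: auth request user=bob driver=custom",
    "Sun Apr 27 10:04:01 2026 [I]: config note: onerror=retry is not a valid driver option",
]

if __name__ == "__main__":
    print("affected:", is_affected("OpenNebula 6.10.0.1"))
    for number, line in find_xss_candidates(SAMPLE_LINES):
        print(f"suspicious line {number}: {line}")
```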

What immediate steps should I take to mitigate this vulnerability?

The primary and recommended mitigation step is to upgrade OpenNebula to version 7.0 or higher, where this vulnerability has been fixed.

Until the upgrade can be performed, consider restricting access to the affected OpenNebula Sunstone web interface to trusted users only, to reduce the risk of exploitation.

Additionally, review and sanitize any inputs to the custom authenticator driver if possible, and monitor for suspicious activity or injected scripts.

