Home > Vulnerability Database > CVE-2025-54955

Mend.io Vulnerability Database

CVE-2025-54955

Good to know:

Date: August 1, 2025

OpenNebula Community Edition (CE) before 7.0.0 and Enterprise Edition (EE) before 6.10.3 have a critical FireEdge race condition that can lead to full account takeover. By exploiting this, an unauthenticated attacker can obtain a valid JSON Web Token (JWT) belonging to a legitimate user without knowledge of their credentials.

Severity Score

8.1

Related Resources (7)

Url: https://github.com/OpenNebula/one/commit/81058d9705e7ac619d294423de28b76d88f613b6

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-54955

Url: https://github.com/OpenNebula/one/releases/tag/release-7.0.0

Url: https://github.com/Stolichnayer/OpenNebula-Account-Takeover

Url: https://github.com/OpenNebula/one

Url: https://docs.opennebula.io/6.10/intro_release_notes/release_notes_enterprise/resolved_issues_6103.html

Url: https://www.mend.io/vulnerability-database/CVE-2025-54955

Severity Score

8.1

Weakness Type (CWE)

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CWE-362

Top Fix

Upgrade Version

Upgrade to version https://github.com/OpenNebula/one.git - release-6.99.85

Learn More

CVSS v3.1

Base Score:	8.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-54955

Good to know:

Date: August 1, 2025

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?