CVE-2025-54955

High CVSS 8.1

Overview

OpenNebula Community Edition (CE) before 7.0.0 and Enterprise Edition (EE) before 6.10.3 have a critical FireEdge race condition that can lead to full account takeover. By exploiting this, an unauthenticated attacker can obtain a valid JSON Web Token (JWT) belonging to a legitimate user without knowledge of their credentials.

CWE: CWE-362 Published: 2025-08-03T00:15:25.633

Risk analysis

This vulnerability is rated 🟠 HIGH.

CVSS: 8.1 (HIGH)
Detected tags: jwt, race, unauth_access (tag impact: HIGH)

Recommended actions:

Use strong algorithms (HS256/RS256), rotate secrets, short expiries.
Enforce authentication/authorization; reduce default endpoint exposure.

Overview

Recommended tools

Tags