CVE-2025-54955
HIGH
OpenNebula CE/EE <7.0.0/<6.10.3 - Privilege Escalation
Title source: llm
Description
OpenNebula Community Edition (CE) before 7.0.0 and Enterprise Edition (EE) before 6.10.3 have a critical FireEdge race condition that can lead to full account takeover. By exploiting this, an unauthenticated attacker can obtain a valid JSON Web Token (JWT) belonging to a legitimate user without knowledge of their credentials.
References (5)
Core References
Various Sources
https://docs.opennebula.io/6.10/intro_release_notes/release_notes_enterprise/resolved_issues_6103.html
Various Sources
https://github.com/OpenNebula/one
Scores
CVSS v3: 8.1
EPSS: 0.0023
EPSS Percentile: 45.4%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: total
Details
CWE: CWE-362
Status: published
Products (2)
OpenNebula/OpenNebula: Community Edition - 7.0.0
OpenNebula/OpenNebula: Enterprise Edition - 6.10.3
Published: Aug 03, 2025
Tracked Since: Feb 18, 2026