Vulnerabilities

CVE-2025-54955

by Fred · 03/08/2025

OpenNebula Community Edition (CE) before 7.0.0 and Enterprise Edition (EE) before 6.10.3 have a critical FireEdge race condition that can lead to full account takeover. By exploiting this, an unauthenticated attacker can obtain a valid JSON Web Token (JWT) belonging to a legitimate user without knowledge of their credentials.

More information : https://docs.opennebula.io/6.10/intro_release_notes/release_notes_enterprise/resolved_issues_6103.html

Similar

Tags: Cybersecurity Alert