CVE-2025-54955
Published: 03 August 2025
Summary
CVE-2025-54955 is a high-severity Race Condition (CWE-362) vulnerability in Opennebula (inferred from references). Its CVSS base score is 8.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 45.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
SI-2 requires timely identification, reporting, and correction of flaws, directly mitigating this FireEdge race condition by applying patches in OpenNebula CE 7.0.0 or EE 6.10.3.
RA-5 mandates vulnerability monitoring and scanning to identify CVEs like CVE-2025-54955 in vulnerable OpenNebula versions, enabling proactive remediation.
IA-5 ensures secure authenticator management, including verification prior to JWT issuance, addressing race conditions that allow unauthenticated token theft.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Race condition in public-facing FireEdge component directly enables remote unauthenticated JWT theft (T1528) for account impersonation via valid token (T1550.001) after exploiting the exposed app (T1190).
NVD Description
OpenNebula Community Edition (CE) before 7.0.0 and Enterprise Edition (EE) before 6.10.3 have a critical FireEdge race condition that can lead to full account takeover. By exploiting this, an unauthenticated attacker can obtain a valid JSON Web Token (JWT) belonging…
more
to a legitimate user without knowledge of their credentials.
Deeper analysisAI
CVE-2025-54955 is a critical race condition vulnerability (CWE-362) in the FireEdge component of OpenNebula Community Edition (CE) versions before 7.0.0 and Enterprise Edition (EE) versions before 6.10.3. It enables an unauthenticated attacker to obtain a valid JSON Web Token (JWT) belonging to a legitimate user without knowing their credentials, resulting in full account takeover. The vulnerability carries a CVSS v3.1 base score of 8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) and was published on 2025-08-03.
An unauthenticated attacker can exploit this race condition remotely over the network with high attack complexity. By timing the race appropriately, the attacker impersonates a legitimate user via the stolen JWT, gaining complete control over that user's account privileges within the OpenNebula environment.
OpenNebula's release notes for EE 6.10.3 and the commit 81058d9705e7ac619d294423de28b76d88f613b6 in the GitHub repository address and resolve the issue, as does the CE 7.0.0 release. Practitioners should upgrade to OpenNebula CE 7.0.0 or EE 6.10.3 to mitigate the vulnerability.
A public proof-of-concept is available at https://github.com/Stolichnayer/OpenNebula-Account-Takeover, highlighting the need for prompt patching.
Details
- CWE(s)