PT-2025-31757 · FireEdge
Alex Perrakis · Published 2025-08-02 · Updated 2025-08-04
CVE-2025-54955
CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
OpenNebula Community Edition (CE) versions prior to 7.0.0
OpenNebula Enterprise Edition (EE) versions prior to 6.10.3
Description
A critical race condition exists in FireEdge that can lead to full account takeover. An unauthenticated attacker can obtain a valid JSON Web Token (JWT) belonging to a legitimate user without knowing their credentials. A JWT is a compact, URL-safe means of representing claims to be transferred between two parties.
Recommendations
Update OpenNebula Community Edition (CE) to version 7.0.0 or later.
Update OpenNebula Enterprise Edition (EE) to version 6.10.3 or later.
Exploit
Fix
Race Condition
Weakness Enumeration
Related Identifiers
Affected Products
FireEdge
OpenNebula Community Edition
OpenNebula Enterprise Edition