CVE-2025-55795

Name of the Vulnerable Software and Affected Versions openml/openml.org web application version v2.0.20241110

Description The web application exhibits a flaw where insufficient email ownership verification during email update workflows, combined with incremental user IDs, allows an authenticated attacker to update their email address to that of another user with a higher user ID without proper verification. This results in the victim’s email being reassigned to the attacker’s account, leading to immediate account lockout for the victim and preventing them from logging in. The issue causes a denial of service through account lockout and does not provide the attacker with direct access to the victim’s private data.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.