CVE-2025-55796

{"id": "CVE-2025-55796", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2025-11-18T17:16:04.270", "references": [{"url": "https://github.com/openml", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://github.com/openml/openml.org", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://github.com/openml/openml.org/security/advisories/GHSA-xfjh-gf9p-8qr6", "tags": ["Vendor Advisory", "Exploit"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-400"}]}], "descriptions": [{"lang": "en", "value": "The openml/openml.org web application version v2.0.20241110 uses predictable MD5-based tokens for critical user workflows such as signup confirmation, password resets, email confirmation resends, and email change confirmation. These tokens are generated by hashing the current timestamp formatted as \"%d %H:%M:%S\" without incorporating any user-specific data or cryptographic randomness. This predictability allows remote attackers to brute-force valid tokens within a small time window, enabling unauthorized account confirmation, password resets, and email change approvals, potentially leading to account takeover."}], "lastModified": "2026-01-08T17:05:35.867", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:openml:openml.org:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BD59856B-8D8C-4BB9-9703-F6F804713C8C", "versionEndIncluding": "2.0.20241110"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}