Email Reassignment Issue in OpenML Web Application by OpenML
CVE-2025-55795
Currently unrated
What is CVE-2025-55795?
The OpenML web application, specifically version v2.0.20241110, is vulnerable because it uses incremental user IDs and does not adequately verify email ownership when a user changes their email address. An attacker authenticated as a user with a lower ID can exploit this flaw to change their email to that of another user with a higher ID. As a result, the victim's email is redirected to the attacker's account, which locks the victim out of their own account and causes a persistent denial of service. Although the attacker does not gain direct access to sensitive data, the original user's inability to log in is a serious disruption.
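A hardened email-change flow for the weakness described above, as an added example that is not OpenML's code: the new address must be unused by any other account and must be confirmed from the new mailbox before it is committed. `UserStore`, its method names and the in-memory store are hypothetical, and the choice of Python is an assumption, since the page does not show the application's own handler.

```python
import hashlib
import secrets

class EmailChangeError(Exception):
    pass

class UserStore:
    """In-memory stand-in for a users table (constructed for this example)."""
    def __init__(self):
        self.email_by_id = {}  # user_id -> verified email
        self.pending = {}      # sha256(token) -> (user_id, new_email)

    @staticmethod
    def _norm(email):
        return email.strip().lower()  # compare addresses case-insensitively

    def add_user(self, user_id, email):
        self.email_by_id[user_id] = self._norm(email)

    def _taken(self, email, requester):
        return any(e == email and uid != requester
                   for uid, e in self.email_by_id.items())

    def request_change(self, user_id, new_email):
        """Step 1: record a pending change; the stored email is not modified."""
        new_email = self._norm(new_email)
        if self._taken(new_email, user_id):
            raise EmailChangeError("address already belongs to another account")
        token = secrets.token_urlsafe(32)
        digest = hashlib.sha256(token.encode()).hexdigest()
        self.pending[digest] = (user_id, new_email)
        return token  # stands in for mailing the token to new_email only

    def confirm_change(self, user_id, token):
        """Step 2: commit only when the requester presents the mailed token."""
        digest = hashlib.sha256(token.encode()).hexdigest()
        entry = self.pending.get(digest)
        if entry is None or entry[0] != user_id:
            raise EmailChangeError("invalid token")
        del self.pending[digest]  # single use
        if self._taken(entry[1], user_id):  # re-check at commit time
            raise EmailChangeError("address already belongs to another account")
        self.email_by_id[user_id] = entry[1]

    def owner_of(self, email):
        """Login lookup: an address must resolve to exactly one account."""
        email = self._norm(email)
        hits = [uid for uid, e in self.email_by_id.items() if e == email]
        return hits[0] if len(hits) == 1 else None
```

In a real deployment the uniqueness rule also belongs in the database as a unique constraint on the normalized address, so that concurrent requests cannot bypass the application-level check.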