Email Reassignment Issue in OpenML Web Application by OpenML
CVE-2025-55795

3.5 LOW

Key Information:

Vendor: OpenML
CVE Published: 29 September 2025

What is CVE-2025-55795?

The OpenML web application, specifically version v2.0.20241110, has a significant vulnerability caused by the use of incremental user IDs combined with inadequate email ownership verification during email changes. An attacker authenticated as a user with a lower ID can change their email to that of another user with a higher ID. The victim's email is then redirected to the attacker's account, which locks the victim out of their own account and causes a persistent denial of service. Although the attacker does not gain direct access to sensitive data, the original user's inability to log in is a serious disruption.
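
An added example, not OpenML's code: a small in-memory model of the email-change flaw described above, next to a hardened flow that enforces address uniqueness and requires a token mailed to the new address. The `UserStore` class, its method names and the lowest-ID-wins lookup are assumptions made for illustration.

```python
import hashlib
import secrets

class UserStore:
    """Constructed in-memory model; IDs are incremental, as on the page."""
    def __init__(self):
        self.users = {}    # user_id -> email
        self.pending = {}  # sha256(token) -> (user_id, new_email)
        self.next_id = 1

    def register(self, email):
        uid, self.next_id = self.next_id, self.next_id + 1
        self.users[uid] = email.strip().lower()
        return uid

    def find_by_email(self, email):
        # Assumption: when two rows share an address, the lowest ID wins.
        email = email.strip().lower()
        return next((u for u in sorted(self.users) if self.users[u] == email), None)

    def change_email_weak(self, uid, new_email):
        # Flawed: no uniqueness check and no proof the requester owns the address.
        self.users[uid] = new_email.strip().lower()

    def request_email_change(self, uid, new_email):
        new_email = new_email.strip().lower()
        if self.find_by_email(new_email) is not None:
            raise ValueError("address already in use")
        token = secrets.token_urlsafe(32)
        # Store only a hash of the token; the token goes to new_email by mail.
        self.pending[hashlib.sha256(token.encode()).hexdigest()] = (uid, new_email)
        return token

    def confirm_email_change(self, token):
        entry = self.pending.pop(hashlib.sha256(token.encode()).hexdigest(), None)
        if entry is None:
            return False  # unknown or already used token
        uid, new_email = entry
        if self.find_by_email(new_email) is not None:
            return False  # address was claimed while the request was pending
        self.users[uid] = new_email
        return True
```

In a real deployment the uniqueness rule also belongs in the database as a unique constraint on the normalized address, and pending tokens should expire.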

CVSS V3.1

Score: 3.5
Severity: LOW
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Changed
