An attacker, who is able to register a specially crafted username on a Wordpress 2.5 installation, is able to generate authentication cookies for other chosen accounts. This vulnerability exists because it is possible to modify authentication cookies without invalidating the cryptographic integrity protection. If a Wordpress blog is configured to freely permit account creation, a remote attacker can gain Wordpress-administrator access and then elevate this to arbitrary code execution as the web server user. The vulnerability is fixed in Wordpress 2.5.1
Thanks for the report. 2.5.1 is already in the tree, but still in p.mask. *** This bug has been marked as a duplicate of bug 168529 ***
This also fixed CVE-2008-2068 (XSS).