PT-2025-10972 · Opal · Opal

Parnuski · Published 2025-03-11 · Updated 2025-03-12 · CVE-2025-27101

CVSS v4.0: 8.6 (High)
Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: Opal versions prior to 5.1.1
Description: The issue affects Opal, the core database application for biobanks or epidemiological studies. When copying any parent directory to a folder in the "/temp/" directory, all files in that parent directory are copied, including files that the user should not have access to. This means any user can exploit this to reveal all files in the Opal filesystem. Low-privilege users, such as DataShield users, can retrieve the files of other users.
Recommendations: For versions prior to 5.1.1, update to version 5.1.1, which includes a patch for this issue. As a temporary workaround, consider restricting access to the "/temp/" directory to minimize the risk of exploitation. Avoid using the /temp/ directory for sensitive operations until the issue is resolved.
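
The flaw class described above, sketched as an added example (this is not Opal's code): a recursive copy that applies no per-file authorization, next to one that checks every file against the caller's permissions before copying. The `can_read` rule, the `home/<user>` layout, the user names and the file names are assumptions constructed for the illustration.

```python
import os
import shutil
import tempfile
from pathlib import Path

def can_read(user, path, root):
    """Hypothetical ACL: a user may read only files under <root>/home/<user>/."""
    rel = path.resolve().relative_to(root.resolve()).parts
    return len(rel) >= 3 and rel[0] == "home" and rel[1] == user

def copy_tree_unchecked(src, dst):
    """Models the flawed behaviour: everything below src is copied as-is."""
    shutil.copytree(src, dst)
    return sorted(p.relative_to(dst).as_posix() for p in dst.rglob("*") if p.is_file())

def copy_tree_checked(user, root, src, dst):
    """Copy only files the caller may read; symlinks are skipped entirely."""
    copied = []
    for dirpath, _dirnames, filenames in os.walk(src, followlinks=False):
        for name in filenames:
            f = Path(dirpath) / name
            if f.is_symlink() or not can_read(user, f, root):
                continue  # authorization is decided per file, not per copy request
            target = dst / f.relative_to(src)
            target.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(f, target)
            copied.append(f.relative_to(src).as_posix())
    return sorted(copied)

def demo():
    """Build a constructed file tree and run both copies as user 'alice'."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for rel in ("home/alice/notes.txt", "home/bob/secret.csv"):
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_text("constructed sample data")
        (root / "temp").mkdir()
        unchecked = copy_tree_unchecked(root / "home", root / "temp" / "a")
        checked = copy_tree_checked("alice", root, root / "home", root / "temp" / "b")
        return unchecked, checked

if __name__ == "__main__":
    print(demo())
```

The unchecked copy places bob's file in alice's copy under temp/, while the checked copy contains only alice's own file.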

Exploit

Fix

Path traversal

Weakness Enumeration

Related Identifiers

AZL-62432
CVE-2025-27101
GHSA-RXMX-GQJJ-VHV8

Affected Products

Opal