PT-2025-32994 · Omero.Web · Omero.Web
Published: 2025-08-13 · Updated: 2025-08-13 · CVE-2025-54791
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions:
OMERO.web versions prior to 5.29.2
Description:
OMERO.web provides a web-based client and plugin infrastructure. If an error occurred when resetting a user's password using the Forgot Password option, the error message displayed on the webpage could disclose user information.
Recommendations:
Upgrade to version 5.29.2 or later.
As a workaround, disable the Forgot password option in OMERO.web using the omero.web.show_forgot_password configuration property.
Exploit
Fix
Generation of Error Message Containing Sensitive Information
Affected Products
Omero.Web