CVE-2025-54791
MEDIUMOMERO.web < 5.29.2 - Information Disclosure via Forgot Password Error Message
Title source: llmDescription
OMERO.web provides a web based client and plugin infrastructure. Prior to version 5.29.2, if an error occurred when resetting a user's password using the Forgot Password option in OMERO.web, the error message displayed on the Web page can disclose information about the user. This issue has been patched in version 5.29.2. A workaround involves disabling the Forgot password option in OMERO.web using the omero.web.show_forgot_password configuration property.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
https://github.com/ome/omero-web/security/advisories/GHSA-gpmg-4x4g-mr5r
Patch x_refsource_misc
https://github.com/ome/omero-web/commit/8aa2789e8f759c73f1517abe9a0abd44e86644ad
Scores
CVSS v3
5.3
EPSS
0.0024
EPSS Percentile
15.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-209
Status
published
Products (2)
openmicroscopy/omero-web
< 5.29.2
pypi/omero-web
0 - 5.29.2PyPI
Published
Aug 13, 2025
Tracked Since
Feb 18, 2026