Opal CVE-2025-27792
Lifecycle Timeline
2DescriptionCVE.org
Opal is OBiBa’s core database application for biobanks or epidemiological studies. Prior to version 5.1.1, the protections against cross-site request forgery (CSRF) were insufficient application-wide. The referrer header is checked, and if it is invalid, the server returns 403. However, the referrer header can be dropped from CSRF requests using <meta name="referrer" content="never">, effectively bypassing this protection. Version 5.1.1 contains a patch for the issue.
AnalysisAI
Opal is OBiBa’s core database application for biobanks or epidemiological studies. Prior to version 5.1.1, the protections against cross-site request forgery (CSRF) were insufficient application-wide. The referrer header is checked, and if it is invalid, the server returns 403. However, the referrer header can be dropped from CSRF requests using <meta name="referrer" content="never">, effecti...
Technical ContextAI
This vulnerability (CWE-352: Cross-Site Request Forgery (CSRF)) affects s core database application for biobanks or epidemiological studies.. Opal is OBiBa’s core database application for biobanks or epidemiological studies. Prior to version 5.1.1, the protections against cross-site request forgery (CSRF) were insufficient application-wide. The referrer header is checked, and if it is invalid, the server returns 403. However, the referrer header can be dropped from CSRF requests using <meta name="referrer" content="never">, effectively bypassing this protection. Version 5.1.1 contains a patch for the issue.
Affected ProductsAI
Product: s core database application for biobanks or epidemiological studies.. Versions: up to 5.1.1.
RemediationAI
Monitor vendor advisories for a patch.
Same weakness CWE-352 – Cross-Site Request Forgery (CSRF)
View allShare
External POC / Exploit Code
Leaving vuln.today