Omero Web
CVE-2025-54791
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
3DescriptionGitHub Advisory
OMERO.web provides a web based client and plugin infrastructure. Prior to version 5.29.2, if an error occurred when resetting a user's password using the Forgot Password option in OMERO.web, the error message displayed on the Web page can disclose information about the user. This issue has been patched in version 5.29.2. A workaround involves disabling the Forgot password option in OMERO.web using the omero.web.show_forgot_password configuration property.
AnalysisAI
OMERO.web provides a web based client and plugin infrastructure. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Technical ContextAI
This vulnerability is classified under CWE-209. OMERO.web provides a web based client and plugin infrastructure. Prior to version 5.29.2, if an error occurred when resetting a user's password using the Forgot Password option in OMERO.web, the error message displayed on the Web page can disclose information about the user. This issue has been patched in version 5.29.2. A workaround involves disabling the Forgot password option in OMERO.web using the omero.web.show_forgot_password configuration property. Affected products include: Openmicroscopy Omero-Web. Version information: version 5.29.2.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
OMERO.web is open source Django-based software for managing microscopy imaging. Rated medium severity (CVSS 6.5), this v
OMERO.web provides a web based client and plugin infrastructure. Rated medium severity (CVSS 6.1), this vulnerability is
OMERO.web provides a web based client and plugin infrastructure. Rated medium severity (CVSS 6.1), this vulnerability is
OMERO.web before 5.6.3 optionally allows sensitive data elements (e.g., a session key) to be passed as URL query paramet
OMERO.web is open source Django-based software for managing microscopy imaging. Rated medium severity (CVSS 5.4), this v
Same weakness CWE-209 – Error Message Information Leak
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today