How to fix CVE-2025-54791?

Within 30 days: Identify affected systems running infrastructure. and apply vendor patches as part of regular patch cycle. Vendor patch is available.

Is Omero Web affected by CVE-2025-54791?

Organizations using infrastructure. should be aware of moderate risk from CVE-2025-54791 rated CVSS 5.3. Exploitation could compromise the security of affected deployments. A patch is available and should be applied during regular vulnerability management.

Omero Web CVE-2025-54791

MEDIUM

Error Message Information Leak (CWE-209)

2025-08-13 [email protected]

Information Disclosure Omero Web

5.3

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 28, 2026 - 19:06 vuln.today

Patch released

Mar 28, 2026 - 19:06 nvd

Patch available

CVE Published

Aug 13, 2025 - 14:15 nvd

MEDIUM 5.3

DescriptionNVD

OMERO.web provides a web based client and plugin infrastructure. Prior to version 5.29.2, if an error occurred when resetting a user's password using the Forgot Password option in OMERO.web, the error message displayed on the Web page can disclose information about the user. This issue has been patched in version 5.29.2. A workaround involves disabling the Forgot password option in OMERO.web using the omero.web.show_forgot_password configuration property.

AnalysisAI

OMERO.web provides a web based client and plugin infrastructure. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Technical ContextAI

This vulnerability is classified under CWE-209. OMERO.web provides a web based client and plugin infrastructure. Prior to version 5.29.2, if an error occurred when resetting a user's password using the Forgot Password option in OMERO.web, the error message displayed on the Web page can disclose information about the user. This issue has been patched in version 5.29.2. A workaround involves disabling the Forgot password option in OMERO.web using the omero.web.show_forgot_password configuration property. Affected products include: Openmicroscopy Omero-Web. Version information: version 5.29.2.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2025-54791 vulnerability details – vuln.today

Back

Omero Web CVE-2025-54791

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code