CVE-2025-54791
- Source
- https://cve.org/CVERecord?id=CVE-2025-54791
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-54791.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-54791
- Aliases
- Published
- 2025-08-13T14:08:19.607Z
- Modified
- 2026-04-02T12:54:20.951867Z
- Severity
-
- 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
- Summary
- OMERO.web displays unecessary user information when requesting to reset the password
- Details
-
OMERO.web provides a web based client and plugin infrastructure. Prior to version 5.29.2, if an error occurred when resetting a user's password using the Forgot Password option in OMERO.web, the error message displayed on the Web page can disclose information about the user. This issue has been patched in version 5.29.2. A workaround involves disabling the Forgot password option in OMERO.web using the omero.web.showforgotpassword configuration property.
- Database specific
{ "cwe_ids": [ "CWE-209" ], "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/54xxx/CVE-2025-54791.json", "cna_assigner": "GitHub_M" }- References
Affected packages
Git / github.com/ome/omero-web
Affected ranges
- Type
- GIT
- Repo
- https://github.com/ome/omero-web
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
v5.*
v5.11.0
v5.11.0.rc1
v5.12.0
v5.12.1
v5.13.0
v5.14.0
v5.14.0.rc1
v5.14.1
v5.15.0
v5.16.0
v5.17.0
v5.18.0
v5.19.0
v5.20.0
v5.21.0
v5.22.0
v5.22.1
v5.23.0
v5.24.0
v5.25.0
v5.26.0
v5.27.0
v5.27.1
v5.27.2
v5.28.0
v5.29.0
v5.29.1
v5.5.dev1
v5.5.dev2
v5.6.0
v5.6.1
v5.6.2
v5.6.3
v5.6.dev1
v5.6.dev2
v5.6.dev3
v5.6.dev4
v5.6.dev5
v5.6.dev6
v5.6.dev7
v5.7.0
v5.7.1
v5.8.0
v5.8.1
v5.9.0
v5.9.1
v5.9.2