Vulnerability Details CVE-2025-54791
OMERO.web provides a web-based client and plugin infrastructure. Prior to version 5.29.2, if an error occurred when resetting a user's password using the Forgot Password option in OMERO.web, the error message displayed on the web page could disclose information about the user. This issue has been patched in version 5.29.2. A workaround is to disable the Forgot Password option in OMERO.web using the omero.web.show_forgot_password configuration property.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 11.1%
CVSS Severity
CVSS v3 Score 5.3
Products affected by CVE-2025-54791
- cpe:2.3:a:openmicroscopy:omero-web:-
- cpe:2.3:a:openmicroscopy:omero-web:5.11.0
- cpe:2.3:a:openmicroscopy:omero-web:5.5
- cpe:2.3:a:openmicroscopy:omero-web:5.6
- cpe:2.3:a:openmicroscopy:omero-web:5.6.0
- cpe:2.3:a:openmicroscopy:omero-web:5.6.1
- cpe:2.3:a:openmicroscopy:omero-web:5.6.2
- cpe:2.3:a:openmicroscopy:omero-web:5.6.3
- cpe:2.3:a:openmicroscopy:omero-web:5.7.0
- cpe:2.3:a:openmicroscopy:omero-web:5.7.1
- cpe:2.3:a:openmicroscopy:omero-web:5.8.0
- cpe:2.3:a:openmicroscopy:omero-web:5.8.1
- cpe:2.3:a:openmicroscopy:omero-web:5.9.0
- cpe:2.3:a:openmicroscopy:omero-web:5.9.1
- cpe:2.3:a:openmicroscopy:omero-web:5.9.2