{"id":"CVE-2025-54791","summary":"OMERO.web displays unecessary user information when requesting to reset the password","details":"OMERO.web provides a web based client and plugin infrastructure. Prior to version 5.29.2, if an error occurred when resetting a user's password using the Forgot Password option in OMERO.web, the error message displayed on the Web page can disclose information about the user. This issue has been patched in version 5.29.2. A workaround involves disabling the Forgot password option in OMERO.web using the omero.web.show_forgot_password configuration property.","aliases":["GHSA-gpmg-4x4g-mr5r"],"modified":"2026-04-02T12:54:20.951867Z","published":"2025-08-13T14:08:19.607Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/54xxx/CVE-2025-54791.json","cwe_ids":["CWE-209"],"cna_assigner":"GitHub_M"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/54xxx/CVE-2025-54791.json"},{"type":"ADVISORY","url":"https://github.com/ome/omero-web/security/advisories/GHSA-gpmg-4x4g-mr5r"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-54791"},{"type":"FIX","url":"https://github.com/ome/omero-web/commit/8aa2789e8f759c73f1517abe9a0abd44e86644ad"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/ome/omero-web","events":[{"introduced":"0"},{"fixed":"dc0d6759b137e781613b5158f8f33932a24f9837"}]}],"versions":["v5.11.0","v5.11.0.rc1","v5.12.0","v5.12.1","v5.13.0","v5.14.0","v5.14.0.rc1","v5.14.1","v5.15.0","v5.16.0","v5.17.0","v5.18.0","v5.19.0","v5.20.0","v5.21.0","v5.22.0","v5.22.1","v5.23.0","v5.24.0","v5.25.0","v5.26.0","v5.27.0","v5.27.1","v5.27.2","v5.28.0","v5.29.0","v5.29.1","v5.5.dev1","v5.5.dev2","v5.6.0","v5.6.1","v5.6.2","v5.6.3","v5.6.dev1","v5.6.dev2","v5.6.dev3","v5.6.dev4","v5.6.dev5","v5.6.dev6","v5.6.dev7","v5.7.0","v5.7.1","v5.8.0","v5.8.1","v5.9.0","v5.9.1","v5.9.2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-54791.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}]}