← Back to CVE List

CVE-2025-27102

Published: 2025-03-17T14:15Z
Last Modified: 2025-03-17T14:15Z
Source: MITRE CVE List
License: MITRE-CVE-TOS
Agate is central authentication server software for OBiBa epidemiology applications. Prior to version 3.3.0, when registering for an Agate account, arbitrary HTML code can be injected into a user's first and last name. This HTML is then rendered in the email sent to administrative users. The Agate service account sends this email and appears trustworthy, making this a significant risk for phishing attacks. Administrative users are impacted, as they can be targeted by unauthenticated users. Version 3.3.0 fixes the issue. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt