anonhaven
Ad

CVE-2025-68277

HIGH CVSS 4.0: 7.2 EPSS 0.00%
Updated Feb 25, 2026
Open-Emr
Parameter Value
CVSS 7.2 (HIGH)
Affected Versions before 7.0.4
Fixed In 7.0.4
Type CWE-451
Vendor Open-Emr
Public PoC No

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 7.0.4, when a link is sent via Secure Messaging, clicking the link opens the website within the OpenEMR/Portal site. This behavior could be exploited for phishing.

Version 7.0.4 patches the issue.

Attack Parameters

Attack Vector
Local
Requires local access
Attack Complexity
High
Difficult to exploit
Attack Requirements
None
No additional conditions
Privileges Required
Low
Basic privileges needed
User Interaction
Active
User action required

Impact Assessment

Confidentiality
High
Complete data leak
Integrity
High
Complete data modification
Availability
Low
Partial disruption

CVSS Vector v4.0

Weakness Type (CWE)

CWE-451

Vulnerable Products 1

Configuration From (including) Up to (excluding)
Open-Emr Openemr
cpe:2.3:a:open-emr:openemr:*:*:*:*:*:*:*:*
 7.0.4

References 2

https://github.com/openemr/openemr/commit/11ec62d1683571a629734fba66f7fb68d0bdc…
security-advisories@github.com
https://github.com/openemr/openemr/security/advisories/GHSA-566c-8c52-2jch
security-advisories@github.com
Share Post Share Share Share

Related Vulnerabilities

CVE-2026-34056

Open-Emr

6.5

CVE-2026-34055

Open-Emr

6.3

CVE-2026-34053

Open-Emr

8.1

CVE-2026-34051

Open-Emr

5.4

CVE-2026-33934

Open-Emr

4.3