anonhaven
Ad

CVE-2026-25127

HIGH CVSS 4.0: 7.0 EPSS 0.11%
Updated Feb 25, 2026
Open-Emr
Parameter Value
CVSS 7.0 (HIGH)
Affected Versions before 8.0.0
Fixed In 8.0.0
Type CWE-863 (Incorrect Authorization)
Vendor Open-Emr
Public PoC No

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the server does not properly validate user permission. Unauthorized users can view the information of authorized users.

Version 8.0.0 fixes the issue.

Attack Parameters

Attack Vector
Network
Can be exploited remotely
Attack Complexity
Low
Easy to exploit
Attack Requirements
Present
Additional conditions required
Privileges Required
Low
Basic privileges needed
User Interaction
None
No user interaction needed

Impact Assessment

Confidentiality
High
Complete data leak
Integrity
None
No data modification
Availability
None
No disruption

CVSS Vector v4.0

Weakness Type (CWE)

CWE-863 Incorrect Authorization

Vulnerable Products 1

Configuration From (including) Up to (excluding)
Open-Emr Openemr
cpe:2.3:a:open-emr:openemr:*:*:*:*:*:*:*:*
 8.0.0

References 2

https://github.com/openemr/openemr/commit/ad902d6892482fff2e3c56bfb15597df8b6c3…
security-advisories@github.com
https://github.com/openemr/openemr/security/advisories/GHSA-69cv-rv28-4g85
security-advisories@github.com
Share Post Share Share Share

Related Vulnerabilities

CVE-2026-34056

Open-Emr

6.5

CVE-2026-34055

Open-Emr

6.3

CVE-2026-34053

Open-Emr

8.1

CVE-2026-34051

Open-Emr

5.4

CVE-2026-33934

Open-Emr

4.3