CVE-2025-67645

EUVD-2025-206415

28.01.2026, 00:15

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 7.0.4 have a broken access control in the Profile Edit endpoint. An authenticated normal user can modify the request parameters (pubpid / pid) to reference another user’s record; the server accepts the modified IDs and applies the changes to that other user’s profile. This allows one user to alter another user’s profile data (name, contact info, etc.), and could enable account takeover. Version 7.0.4 fixes the issue.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	8.8 HIGH	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
GitHub_M	CNA	8.8 HIGH	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 10%

Affected Products (NVD)

Vendor	Product	Version
open-emr	openemr	7.0.3

𝑥

= Vulnerable software versions

Known Exploits!

https://github.com/openemr/openemr/security/advisories/GHSA-vjmv-cf46-gffv

Common Weakness Enumeration

CWE-284 - Improper Access Control
The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References

https://github.com/openemr/openemr/commit/e2a682ee71aac71a9f04ae566f4ffca10052bc4a

https://github.com/openemr/openemr/security/advisories/GHSA-vjmv-cf46-gffv