CVE-2025-54373

High CVSS: 7.1

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 7.0.4 have a vulnerability where sensitive data is unintentionally revealed to unauthorized parties. Contents of Clinical Notes and Care Plan, where an encounter has Sensitivity=high, can be viewed and changed by users who do not have Sensitivities=high privilege. Version 7.0.4 fixes the issue.

Vendor

Open-emr

Product

Openemr

CWE

CWE-200

Yayın Tarihi

2026-01-28 00:15:49

Güncelleme

2026-02-12 20:58:12

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-200 Openemr HIGH Open-emr 2026

Referanslar

https://github.com/openemr/openemr/commit/aef3d1c85d9ff2f28d3d361d2818aee79b6dcd33 https://github.com/openemr/openemr/security/advisories/GHSA-739g-6m63-p7fr

Benzer Kayıtlar

High

CVE-2026-34053

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to versio…

High

CVE-2026-34055

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to versio…

High

CVE-2026-34056

OpenEMR is a free and open source electronic health records and medical practice management application. A Broken Access…

Medium

CVE-2026-33933

OpenEMR is a free and open source electronic health records and medical practice management application. Starting in ver…

Medium

CVE-2026-33934

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior…

Medium

CVE-2026-34051

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior…