CVE-2026-25127 PUBLISHED

OpenEMR has Broken Access Control on Care Coordination Module

Assigner: GitHub_M
Reserved: 29.01.2026 Published: 25.02.2026 Updated: 25.02.2026

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the server does not properly validate user permission. Unauthorized users can view the information of authorized users. Version 8.0.0 fixes the issue.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N
CVSS Score: 7

Product Status

Vendor openemr
Product openemr
Versions
  • Version < 8.0.0 is affected

References

Problem Types

  • CWE-863: Incorrect Authorization CWE