← Back

CVE-2026-25127

nvd nist
Published: Feb 25, 2026Modified: Feb 25, 2026

JSON object

Loading...
7.0
Vector
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Show more
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less
Source: security-advisories@github.com (Secondary)

Description

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the server does not properly validate user permission. Unauthorized users can view the information of authorized users. Version 8.0.0 fixes the issue.

Affected (1)

Products: Open Emr: Openemr
Open Emr
1 product
Openemr
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Openemr
Before 8.0.0

Related CWEs

CWE-863
Incorrect Authorization
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (2)

Source: security-advisories@github.com
Patch
Source: security-advisories@github.com
ExploitVendor Advisory

Timeline

No history available yet.