CVE-2025-25928

Name of the Vulnerable Software and Affected Versions: Openmrs version 2.4.3 Build 0ff0ed

Description: A Cross-Site Request Forgery (CSRF) issue in the /admin/users/user.form component allows attackers to execute arbitrary operations via a crafted GET request.

Recommendations: For Openmrs version 2.4.3 Build 0ff0ed, consider restricting access to the /admin/users/user.form component until a patch is available. As a temporary workaround, avoid using the vulnerable component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.