CVE-2025-32967

Name of the Vulnerable Software and Affected Versions OpenEMR versions prior to 7.0.3.4

Description A logging oversight in OpenEMR allows password change events to go unrecorded on the client-side log viewer. This prevents administrators from auditing critical actions, weakening traceability and opening the system to undetectable misuse by insiders or attackers.

Recommendations For versions prior to 7.0.3.4, update to version 7.0.3.4 to resolve the issue. As a temporary workaround, consider closely monitoring system activity and user actions to detect potential misuse until the update can be applied. Restrict access to sensitive areas of the application to minimize the risk of exploitation.