PT-2025-23187 · Openmrs · Openmrs-Module-Fhir2
Gracepotmap · Published 2025-05-29 · Updated 2025-05-29
CVE-2025-46823
CVSS v4.0: 8.0 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
Name of the Vulnerable Software and Affected Versions
openmrs-module-fhir2 versions prior to 2.5.0
Description
The issue concerns the openmrs-module-fhir2, which provides the FHIR REST API and related services for OpenMRS, an open medical records system. In versions prior to 2.5.0, privileges were not always correctly checked, allowing unauthorized users to potentially add or edit data they were not supposed to access.
Recommendations
For openmrs-module-fhir2 versions prior to 2.5.0, update to FHIR2 2.5.0 or newer as soon as feasible to receive a patch.
Exploit
Fix
LPE
Missing Authorization
Affected Products
Openmrs-Module-Fhir2