PT-2026-21817 · Openemr · Openemr

Published: 2026-02-25 · Updated: 2026-02-25 · CVE-2025-68277

CVSS v4.0: 7.2 (High)
Vector: AV:L/AC:H/AT:N/PR:L/UI:A/VC:H/VI:H/VA:L/SC:H/SI:H/SA:H
Name of the Vulnerable Software and Affected Versions: OpenEMR versions prior to 7.0.4

Description: OpenEMR is an electronic health records and medical practice management application. Prior to version 7.0.4, clicking a link sent via Secure Messaging opens the website within the OpenEMR/Portal site, which could be exploited for phishing attacks. The application does not sanitize or validate the URLs within secure messages. This allows an attacker to craft a malicious link that appears legitimate within the OpenEMR interface, potentially leading users to enter sensitive information on a fraudulent website. The vulnerable functionality involves the handling of links within the Secure Messaging feature.

Recommendations: Update to version 7.0.4 or later.
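As an added illustration, not OpenEMR's own code or its 7.0.4 fix, this is the kind of link-handling check a portal can apply before rendering URLs taken from a secure message: each link is classified, non-http(s) and host-spoofing forms are never made clickable, and external destinations are routed through an interstitial page that names the real host. The trusted host list, the interstitial path and every sample URL are constructed for the example.

```python
"""Link hygiene for URLs embedded in secure messages (hypothetical helper)."""
from html import escape
from urllib.parse import quote, urlsplit

ALLOWED_SCHEMES = {"http", "https"}
# Constructed sample: hosts the portal treats as its own.
TRUSTED_HOSTS = {"portal.example.org", "emr.example.org"}
# Constructed path of a "you are leaving the portal" interstitial.
INTERSTITIAL = "/portal/leaving.php?url="


def classify_link(url, trusted_hosts=TRUSTED_HOSTS):
    """Return ('blocked' | 'internal' | 'external', normalised host)."""
    # Drop whitespace and control characters that can split a scheme name.
    cleaned = "".join(c for c in url if c.isprintable() and not c.isspace())
    try:
        parts = urlsplit(cleaned)
    except ValueError:  # malformed netloc such as an unterminated IPv6 literal
        return "blocked", ""
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    # Reject javascript:, data:, scheme-relative (//host) and relative links:
    # a message link must name an absolute http(s) destination.
    if scheme not in ALLOWED_SCHEMES or not host:
        return "blocked", host
    # 'https://portal.example.org@evil.example/' carries the trusted name as
    # userinfo; hostname is the real target, so any userinfo is rejected.
    if parts.username is not None or parts.password is not None:
        return "blocked", host
    return ("internal" if host in trusted_hosts else "external"), host


def render_link(url, trusted_hosts=TRUSTED_HOSTS):
    """Build the anchor markup the portal should emit for a message link."""
    verdict, host = classify_link(url, trusted_hosts)
    if verdict == "blocked":
        # Show the text, but never make it clickable.
        return f'<span class="blocked-link">{escape(url)}</span>'
    if verdict == "internal":
        return f'<a href="{escape(url)}">{escape(url)}</a>'
    # External: open in a new tab via the interstitial and show the real host.
    target = INTERSTITIAL + quote(url, safe="")
    return (f'<a href="{escape(target)}" target="_blank" '
            f'rel="noopener noreferrer">{escape(url)} '
            f'(external: {escape(host)})</a>')
```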

Exploit

Fix

Weakness Enumeration

UI Misrepresentation of Critical Information

Related Identifiers

CVE-2025-68277
GHSA-566C-8C52-2JCH

Affected Products

Openemr