PT-2026-5033 · Openemr · Openemr

Published: 2026-01-27 · Updated: 2026-02-12 · CVE-2025-54373

CVSS v4.0: 7.1 (High)

Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions: OpenEMR versions prior to 7.0.4

Description: OpenEMR is an electronic health records and medical practice management application. Versions before 7.0.4 allow users without appropriate privileges to view and modify sensitive information within Clinical Notes and Care Plans when an encounter has a high sensitivity level. The Sensitivity setting determines access control to encounter data.

Recommendations: Update to version 7.0.4 or later.

Exploit

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2025-54373
GHSA-739G-6M63-P7FR

Affected Products

Openemr