CVE-2026-25127
- Source
- https://cve.org/CVERecord?id=CVE-2026-25127
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-25127.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2026-25127
- Aliases
-
- GHSA-69cv-rv28-4g85
- Published
- 2026-02-25T01:53:15.570Z
- Modified
- 2026-04-02T13:14:06.761653Z
- Severity
-
- 7.0 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N CVSS Calculator
- Summary
- OpenEMR has Broken Access Control on Care Coordination Module
- Details
-
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the server does not properly validate user permission. Unauthorized users can view the information of authorized users. Version 8.0.0 fixes the issue.
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/25xxx/CVE-2026-25127.json", "cna_assigner": "GitHub_M", "cwe_ids": [ "CWE-863" ] }- References
Affected packages
Git / github.com/openemr/openemr
Affected ranges
- Type
- GIT
- Repo
- https://github.com/openemr/openemr
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
Other
MAIN
new_demographics_progress_snapshot
throttle_down_7_0_2_1
v2_7_2
v2_7_2-rc1
v2_7_2-rc2
v2_7_3-rc1
v2_8_0
v2_8_1
v2_8_2
v2_8_3
v2_9_0
v3_0_0
v3_0_1
v3_1_0
v3_2_0
v4_0_0
v4_1_0
v4_1_1
v4_1_2
v4_1_2_3
v4_1_2_6
v4_1_2_7
v4_2_0
v4_2_0_3
v4_2_1
v4_2_2
v5_0_0
v5_0_0_5
v5_0_0_6
v5_0_1
v5_0_1_1
v5_0_1_2
v5_0_1_3
v5_0_1_4
v5_0_1_5
v5_0_1_6
v5_0_1_7
v5_0_2
v5_0_2_1
v5_0_2_2
v5_0_2_3
v5_0_2_4
v6_0_0
v6_0_0_1
v6_0_0_2
v6_0_0_3
v6_0_0_4
v6_1_0
v6_1_0_1
v7_0_0
v7_0_0_1
v7_0_0_2
v7_0_1
v7_0_1_1
v7_0_2
v7_0_2_1
v7_0_2_2
v7_0_2_3
v7_0_3
v7_0_3_1
v7_0_3_2
v7_0_3_3
v7_0_3_4
v7_0_4
whats-been-changed