Which versions of Openemr are affected by CVE-2025-30161?

Organizations using OpenEMR face notable risk from CVE-2025-30161 rated CVSS 8.4. Successful exploitation could significantly impact the confidentiality, integrity, or availability of affected…

Is there a public PoC exploit available for CVE-2025-30161?

Yes, a public proof-of-concept exploit is available for CVE-2025-30161. Prioritise patching immediately. EPSS: 0.5%.

How to fix or mitigate CVE-2025-30161?

Within 7 days: Identify all affected systems and apply vendor patches promptly. Monitor vendor channels for patch availability.

Openemr CVE-2025-30161

Q: What is the CVSS score of CVE-2025-30161?

CVE-2025-30161 has a CVSS 4.0 base score of 8.4 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.5%.

HIGH

Basic XSS (CWE-80)

2025-03-31 security-advisories@github.com

XSS Openemr

8.4

CVSS 4.0 · GitHub Advisory

Severity by source

GitHub Advisory PRIMARY

8.4 HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Scope

Lifecycle Timeline

Analysis Generated

Mar 28, 2026 - 18:34 vuln.today

PoC Detected

May 13, 2025 - 13:36 vuln.today

Public exploit code

CVE Published

Mar 31, 2025 - 16:15 nvd

HIGH 8.4

DescriptionGitHub Advisory

OpenEMR is a free and open source electronic health records and medical practice management application. A stored XSS vulnerability in the Bronchitis form component of OpenEMR allows anyone who is able to edit a bronchitis form to steal credentials from administrators. This vulnerability is fixed in 7.0.3.

AnalysisAI

OpenEMR is a free and open source electronic health records and medical practice management application. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-80. OpenEMR is a free and open source electronic health records and medical practice management application. A stored XSS vulnerability in the Bronchitis form component of OpenEMR allows anyone who is able to edit a bronchitis form to steal credentials from administrators. This vulnerability is fixed in 7.0.3. Affected products include: Open-Emr Openemr.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2025-30161 vulnerability details – vuln.today

Back