CVE-2025-68277

MEDIUM
2026-02-25
5.0
CVSS 3.1

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Confidentiality: Low
Integrity: Low
Availability: None

Lifecycle Timeline

Analysis Generated: Mar 12, 2026 - 21:55 (vuln.today)
PoC Detected: Feb 25, 2026 - 17:00 (vuln.today). Public exploit code.
Patch Released: Feb 25, 2026 - 17:00 (nvd). Patch available.
CVE Published: Feb 25, 2026 - 02:16 (nvd). MEDIUM 5.0.

Description

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 7.0.4, when a link is sent via Secure Messaging, clicking the link opens the website within the OpenEMR/Portal site. This behavior could be exploited for phishing. Version 7.0.4 patches the issue.

Analysis

OpenEMR versions up to 7.0.4 are affected by User Interface (UI) Misrepresentation of Critical Information (CVSS 5.0).

Technical Context

This vulnerability (CWE-451: User Interface (UI) Misrepresentation of Critical Information) affects OpenEMR.

Affected Products

Vendor: Open-Emr. Product: Openemr. Versions: up to 7.0.4.

Remediation

A vendor patch is available in version 7.0.4; apply it immediately.

Priority Score

45
KEV: 0
EPSS: +0.0
CVSS: +25
POC: +20
