How to fix CVE-2025-69231?

Within 24 hours: Inventory all OpenEMR instances and isolate any non-critical systems from production networks pending patch deployment. Within 7 days: Apply the vendor patch to all OpenEMR systems in production; coordinate with clinical staff to minimize downtime during off-hours. Within 30 days: Conduct security validation testing on patched systems and perform forensic audit logs to determine if the vulnerability was exploited prior to patching.

Is Openemr affected by CVE-2025-69231?

OpenEMR installations are vulnerable to a HIGH severity exploit (CVE-2025-69231, CVSS 8.7) that is actively being exploited in the wild. Healthcare organizations running this EHR system face immediate risk of data breach, patient privacy violations, and operational disruption.

CVE-2025-69231

HIGH

2026-02-25 [email protected]

8.7

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Changed

Confidentiality

High

Integrity

High

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:55 vuln.today

PoC Detected

Feb 25, 2026 - 17:01 vuln.today

Public exploit code

Patch Released

Feb 25, 2026 - 17:01 nvd

Patch available

CVE Published

Feb 25, 2026 - 02:16 nvd

HIGH 8.7

Description

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, a stored cross-site scripting vulnerability in the GAD-7 anxiety assessment form allows authenticated users with clinician privileges to inject malicious JavaScript that executes when other users view the form. This enables session hijacking, account takeover, and privilege escalation from clinician to administrator. Version 8.0.0 fixes the issue.

Analysis

OpenEMR is a free and open source electronic health records and medical practice management application. [CVSS 8.7 HIGH]

Technical Context

Classified as CWE-79 (Cross-site Scripting (XSS)). Affects Openemr. OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, a stored cross-site scripting vulnerability in the GAD-7 anxiety assessment form allows authenticated users with clinician privileges to inject malicious JavaScript that executes when other users view the form. This enables session hijacking, account takeover, and privilege escalation from clinician to administrator. Version 8.0.0 fixes the issue.

Affected Products

Vendor: Open-Emr. Product: Openemr. Versions: up to 8.0.0.

Remediation

A vendor patch is available — apply it immediately. Implement output encoding and Content Security Policy headers. Restrict network access to the affected service where possible.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.2

CVSS: +44

POC: +20

CVE-2025-69231 vulnerability details – vuln.today

Back

CVE-2025-69231

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2025-69231

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code