CVE-2026-25135
MEDIUMCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N
Lifecycle Timeline
3Description
OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0 have an information disclosure vulnerability that leaks the entire contact information for all users, organizations, and patients in the system to anyone who has the system/(Group,Patient,*).$export operation and system/Location.read capabilities. This vulnerability will impact OpenEMR versions since 2023. This disclosure will only occur in extremely high trust environments as it requires using a confidential client with secure key exchange that requires an administrator to enable and grant permission before the app can even be used. This will typically only occur in server-server communication across trusted clients that already have established legal agreements. Version 8.0.0 contains a patch. As a workaround, disable clients that have the vulnerable scopes and only allow clients that do not have the system/Location.read scope until a fix has been deployed.
Analysis
OpenEMR versions prior to 8.0.0 expose complete contact details for all users, organizations, and patients to authenticated attackers with specific FHIR export and location read permissions. The vulnerability requires administrator-enabled OAuth2 confidential client access, limiting exploitation to high-trust server-to-server integrations with established relationships. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Review data exposure and access controls.
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today