Openemr
CVE-2026-25146
CRITICAL
Severity by source
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
Lifecycle Timeline
4DescriptionGitHub Advisory
OpenEMR is a free and open source electronic health records and medical practice management application. From 5.0.2 to before 8.0.0, there are (at least) two paths where the gateway_api_key secret value is rendered to the client in plaintext. These secret keys being leaked could result in arbitrary money movement or broad account takeover of payment gateway APIs. This vulnerability is fixed in 8.0.0.
AnalysisAI
Information disclosure in OpenEMR 5.0.2 to before 8.0.0 exposes sensitive data. PoC and patch available.
Technical ContextAI
CWE-200.
RemediationAI
Update to 8.0.0.
An authenticated SQL injection vulnerability exists in OpenEMR ≤ 4.1.1 Patch 14 that allows a low-privileged attacker to
Unauthenticated token disclosure in OpenEMR before 8.0.0. CVSS 10.0. PoC and patch available.
Path traversal in OpenEMR 7.0.4 disposeDocument() allows file access. PoC available.
Path traversal in OpenEMR electronic health records before fix allows authenticated users to read arbitrary files on the
SQL injection in OpenEMR electronic health records before fix. Authenticated users can execute arbitrary SQL through the
OpenEMR 7.0.2 is vulnerable to SQL Injection via \openemr\library\classes\Pharmacy.class.php, \controllers\C_Pharmacy.cl
An issue in OpenEMR 7.0.2 allows a remote attacker to escalate privileges viaa crafted POST request using the noteid par
interface/fax/fax_dispatch.php in OpenEMR 4.1.0 allows remote authenticated users to execute arbitrary commands via shel
interface/globals.php in OpenEMR 2.x, 3.x, and 4.x before 4.2.0 patch 2 allows remote attackers to bypass authentication
Authentication bypass vulnerability in portal/account/register.php in versions of OpenEMR before 5.0.1.4 allows a remote
OpenEMR 5.0.0 and prior allows low-privilege users to upload files of dangerous types which can result in arbitrary code
OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior
Same weakness CWE-200 – Information Exposure
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today