CVE-2026-25927
HIGHCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
Lifecycle Timeline
3Description
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the DICOM viewer state API (e.g. upload or state save/load) accepts a document ID (`doc_id`) without verifying that the document belongs to the current user’s authorized patient or encounter. An authenticated user can read or modify DICOM viewer state (e.g. annotations, view settings) for any document by enumerating document IDs. Version 8.0.0 fixes the issue.
Analysis
Openemr versions up to 8.0.0 is affected by authorization bypass through user-controlled key (CVSS 7.1).
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Inventory all OpenEMR deployments and versions; disable internet-facing access or restrict to VPN only; enable logging and monitoring for unauthorized access attempts. Within 7 days: Implement network segmentation isolating OpenEMR from critical systems; conduct access logs review for suspicious activity; contact vendor for patch timeline and workarounds. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today