OpenEMR is a free and open source electronic health records and medical practice management application. A logging oversight in versions prior to 7.0.3.4 allows password change events to go unrecorded on the client-side log viewer, preventing administrators from auditing critical actions. This weakens traceability and opens the system to undetectable misuse by insiders or attackers. Version 7.0.3.4 contains a patch for the issue.
References
Link | Resource |
---|---|
https://github.com/openemr/openemr/security/advisories/GHSA-7qj6-jxfc-xw4v | Exploit Vendor Advisory |
Configurations
History
02 Jul 2025, 00:41
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/openemr/openemr/security/advisories/GHSA-7qj6-jxfc-xw4v - Exploit, Vendor Advisory | |
CPE | cpe:2.3:a:open-emr:openemr:*:*:*:*:*:*:*:* | |
First Time |
Open-emr
Open-emr openemr |
28 May 2025, 14:58
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
23 May 2025, 16:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2025-05-23 16:15
Updated : 2025-07-02 00:41
NVD link : CVE-2025-32967
Mitre link : CVE-2025-32967
CVE.ORG link : CVE-2025-32967
JSON object : View
Products Affected
open-emr
- openemr
CWE
CWE-778
Insufficient Logging