OpenEMR Vulnerable to Broken Access Control in Profile Edit Endpoint

8.8 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Description

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 7.0.4 have a broken access control in the Profile Edit endpoint. An authenticated normal user can modify the request parameters (pubpid / pid) to reference another user’s record; the server accepts the modified IDs and applies the changes to that other user’s profile. This allows one user to alter another user’s profile data (name, contact info, etc.), and could enable account takeover. Version 7.0.4 fixes the issue.

Basic Information

ID CVE-2025-67645

Source GitHub_M

Published Jan 27, 2026 at 23:20

Affected Product

Vendor openemr

Product openemr

Version < 7.0.4

Affected Versions openemr openemr < 7.0.4

CWE Classification

CWE-284

References

{
    "lastseen": "",
    "description": "OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 7.0.4 have a broken access control in the Profile Edit endpoint. An authenticated normal user can modify the request parameters (pubpid / pid) to reference another user\u2019s record; the server accepts the modified IDs and applies the changes to that other user\u2019s profile. This allows one user to alter another user\u2019s profile data (name, contact info, etc.), and could enable account takeover. Version 7.0.4 fixes the issue.",
    "published": "2026-01-27T23:20:18.515Z",
    "modified": "2026-01-27T23:20:18.515Z",
    "type": "cve",
    "title": "OpenEMR Vulnerable to Broken Access Control in Profile Edit Endpoint",
    "source": "GitHub_M",
    "references": "https://github.com/openemr/openemr/security/advisories/GHSA-vjmv-cf46-gffv\nhttps://github.com/openemr/openemr/commit/e2a682ee71aac71a9f04ae566f4ffca10052bc4a",
    "id": "CVE-2025-67645",
    "bulletinFamily": "",
    "cwe": [
        "CWE-284"
    ],
    "cvelist": null,
    "sourceData": "openemr openemr < 7.0.4",
    "sourceHref": "",
    "cvss": {
        "score": 8.8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "openemr",
    "version": "< 7.0.4",
    "vendor": "openemr",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

OpenEMR Vulnerable to Broken Access Control in Profile Edit Endpoint_CVE-2025-67645