Authorization bypass through user-controlled key in OpenEMR - CVE-2026-25745


Published: April 23, 2026


Vulnerability identifier: #VU127321
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-25745
CWE-ID: CWE-639
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: OpenEMR
Affected software:
OpenEMR

Detailed vulnerability description

The vulnerability allows a remote user to modify any patient's messages or notes.

The vulnerability exists due to improper access control in the message/patient note update handler when handling update requests for message or note IDs. A remote user can send a crafted update request with another patient's message or note ID to modify any patient's messages or notes.

The issue affects the REST or AJAX update path and does not require user interaction.
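The CWE-639 pattern described above is an update handler whose query is keyed only by the client-supplied note ID, so the authenticated patient's identity never enters the authorization decision. The following is an added illustration, not OpenEMR's code: a hypothetical table `patient_notes` with columns `id`, `pid` (owning patient) and `body`, a `session_pid` parameter standing in for the patient ID taken from the server-side session, and constructed sample rows. The vulnerable variant updates any row matching the ID; the fixed variant also requires the row to belong to `session_pid` and treats a zero-row update as a failure, so a foreign ID is indistinguishable from a missing one.

```python
import sqlite3

# Hypothetical schema (assumption for this example, not OpenEMR's schema).
SCHEMA = (
    "CREATE TABLE patient_notes ("
    " id INTEGER PRIMARY KEY,"
    " pid INTEGER NOT NULL,"   # patient that owns the note
    " body TEXT NOT NULL)"
)

# Constructed sample rows: note 101 belongs to patient 1, note 202 to patient 2.
SAMPLE_ROWS = [
    (101, 1, "patient 1 note"),
    (202, 2, "patient 2 note"),
]


def make_db():
    """Build a fresh in-memory database seeded with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    conn.executemany("INSERT INTO patient_notes VALUES (?, ?, ?)", SAMPLE_ROWS)
    conn.commit()
    return conn


def update_note_vulnerable(conn, session_pid, note_id, new_body):
    """Vulnerable handler: the WHERE clause trusts the client-supplied ID alone.

    session_pid is accepted but never used, so any authenticated patient can
    rewrite any note whose ID they can guess or enumerate (CWE-639).
    """
    cur = conn.execute(
        "UPDATE patient_notes SET body = ? WHERE id = ?",
        (new_body, note_id),
    )
    conn.commit()
    return cur.rowcount == 1


def update_note_fixed(conn, session_pid, note_id, new_body):
    """Fixed handler: the row must also belong to the authenticated patient.

    Scoping the UPDATE by (id, pid) makes the ownership check atomic with the
    write; a mismatched ID simply matches zero rows. The caller sees the same
    False for "not mine" and "does not exist", which avoids leaking whether a
    given ID is valid.
    """
    cur = conn.execute(
        "UPDATE patient_notes SET body = ? WHERE id = ? AND pid = ?",
        (new_body, note_id, session_pid),
    )
    conn.commit()
    return cur.rowcount == 1


def note_body(conn, note_id):
    """Read back a note body, or None if the ID does not exist."""
    row = conn.execute(
        "SELECT body FROM patient_notes WHERE id = ?", (note_id,)
    ).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = make_db()
    # Patient 1 attempting to edit patient 2's note 202.
    print("vulnerable:", update_note_vulnerable(db, 1, 202, "tampered"))  # True
    db = make_db()
    print("fixed:", update_note_fixed(db, 1, 202, "tampered"))  # False
    print("own note:", update_note_fixed(db, 2, 202, "own edit"))  # True
```

On the detection side, the fixed handler's zero-row result is the event worth logging: a burst of failed updates from one session across many note IDs is the signature of ID enumeration against this kind of endpoint.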


How to mitigate CVE-2026-25745

Install the security update from the vendor's website.

Sources