CVE-2026-25929

OpenEMR Patient Picture Context Allows Arbitrary Patient Photo Retrieval

CVSS 6.5 MEDIUMEPSS 0.3%CWE-639

Vexday Risk Score

13Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 6.5EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

25 fev 2026Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the document controller’s `patient_picture` context serves the patient’s photo by document ID or patient ID without verifying that the current user is authorized to access that patient. An authenticated user with document ACL can supply another patient’s ID and retrieve their photo. Version 8.0.0 fixes the issue.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Produtos afetados

openemr · openemr

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://github.com/openemr/openemr/commit/fc4d00ecb63561dacd23cb1fed49c64bd1a83258 https://github.com/openemr/openemr/security/advisories/GHSA-778w-r8rm-8qhq