VYPR
Unrated severityNVD Advisory· Published May 23, 2025· Updated May 23, 2025

OpenEMR doesn't log password administration properly

CVE-2025-32967

Description

OpenEMR is a free and open source electronic health records and medical practice management application. A logging oversight in versions prior to 7.0.3.4 allows password change events to go unrecorded on the client-side log viewer, preventing administrators from auditing critical actions. This weakens traceability and opens the system to undetectable misuse by insiders or attackers. Version 7.0.3.4 contains a patch for the issue.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Openemr/Openemrllm-fuzzy2 versions
    <7.0.3.4+ 1 more
    • (no CPE)range: <7.0.3.4
    • (no CPE)range: < 7.0.3.4

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.