High severityOSV Advisory· Published May 29, 2025· Updated Apr 15, 2026

CVE-2025-46823

Description

openmrs-module-fhir2 provides the FHIR REST API and related services for OpenMRS, an open medical records system. In versions of the FHIR2 module prior to 2.5.0, privileges were not always correctly checked, which means that unauthorized users may have been able to add or edit data they were not supposed to be able to. All implementers should update to FHIR2 2.5.0 or newer as soon as is feasible to receive a patch.

Affected products

Openmrs/Openmrs Module Fhir2OSV
Range: 0.5.0-ALPHA.1, 1.0.0, 1.1.0, …

Patches

1be0add9b730

https://github.com/openmrs/openmrs-module-fhir2via osv

commit

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/openmrs/openmrs-module-fhir2/releases/tag/2.5.0nvd
github.com/openmrs/openmrs-module-fhir2/security/advisories/GHSA-g5vq-w8v2-4x9jnvd

News mentions

No linked articles in our index yet.

cvss	0.455
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000