VYPR
Unrated severityOSV Advisory· Published Jan 27, 2026· Updated Jan 28, 2026

OpenEMR may expose Contents of Clinical Notes and Care Planto users who do not have Sensitivities=high privilege

CVE-2025-54373

Description

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 7.0.4 have a vulnerability where sensitive data is unintentionally revealed to unauthorized parties. Contents of Clinical Notes and Care Plan, where an encounter has Sensitivity=high, can be viewed and changed by users who do not have Sensitivities=high privilege. Version 7.0.4 fixes the issue.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Openemr/OpenemrOSV2 versions
    v2_7_2, v2_7_2-rc1, v2_7_2-rc2, …+ 1 more
    • (no CPE)range: v2_7_2, v2_7_2-rc1, v2_7_2-rc2, …
    • (no CPE)range: <7.0.4

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.