Unrated severityNVD Advisory· Published Feb 25, 2026· Updated Feb 27, 2026

OpenEMR allows links sent via Secure Messaging to be opened in OpenEMR and Portal

CVE-2025-68277

Description

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 7.0.4, when a link is sent via Secure Messaging, clicking the link opens the website within the OpenEMR/Portal site. This behavior could be exploited for phishing. Version 7.0.4 patches the issue.

Affected products

Openemr/Openemrv5
Range: < 7.0.4

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/openemr/openemr/commit/11ec62d1683571a629734fba66f7fb68d0bdc312mitrex_refsource_MISC
github.com/openemr/openemr/security/advisories/GHSA-566c-8c52-2jchmitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000