CVE-2025-67752
published 2026-02-25

Priority: P344
Severity: high, 8.1 (CVSS 3.1)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.23% (14.1th percentile)

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 7.0.4, OpenEMR's HTTP client wrapper (`oeHttp`/`oeHttpRequest`) disables SSL/TLS certificate verification by default (`verify: false`), making all external HTTPS connections vulnerable to man-in-the-middle (MITM) attacks. This affects communication with government healthcare APIs and user-configurable external services, potentially exposing Protected Health Information (PHI). Version 7.0.4 fixes the issue.

Affected

2 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| open-emr | openemr | < 7.0.4 | 7.0.4 |
| openemr | openemr | < 7.0.4 | 7.0.4 |