CVE-2025-29789

HIGH

Open-emr Openemr < 7.0.3 - Path Traversal

Title source: rule

Description

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 7.3.0 are vulnerable to Directory Traversal in the Load Code feature. Version 7.3.0 contains a patch for the issue.

References (2)

[Exploit, Vendor Advisory] https://github.com/openemr/openemr/security/advisories/GHSA-ffpq-2wqj-v8ff

[Patch] https://github.com/openemr/openemr/commit/ef3bb7f84ebe8ef54d55416e587ec2fefd065489

View Patch ZIP pw:eip

Scores

CVSS v3 7.5

EPSS 0.0023

EPSS Percentile 45.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-22 CWE-23

Status published

Products (1)

open-emr/openemr < 7.0.3

Published Mar 25, 2025

Tracked Since Feb 18, 2026