CVE-2025-68277
MEDIUMOpenEMR < 7.0.4 - User Interface Misrepresentation via Secure Messaging Link Handling
Title source: llmDescription
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 7.0.4, when a link is sent via Secure Messaging, clicking the link opens the website within the OpenEMR/Portal site. This behavior could be exploited for phishing. Version 7.0.4 patches the issue.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
https://github.com/openemr/openemr/security/advisories/GHSA-566c-8c52-2jch
Scores
CVSS v3
5.0
EPSS
0.0016
EPSS Percentile
5.2%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
total
Details
CWE
CWE-451
Status
published
Products (1)
open-emr/openemr
< 7.0.4
Published
Feb 25, 2026
Tracked Since
Feb 25, 2026