CVE-2026-25146

CRITICAL

OpenEMR 5.0.2-7.9.9 - Info Disclosure

Title source: llm

Description

OpenEMR is a free and open source electronic health records and medical practice management application. From 5.0.2 to before 8.0.0, there are (at least) two paths where the gateway_api_key secret value is rendered to the client in plaintext. These secret keys being leaked could result in arbitrary money movement or broad account takeover of payment gateway APIs. This vulnerability is fixed in 8.0.0.

References (4)

[Vendor Advisory] https://github.com/openemr/openemr/security/advisories/GHSA-2hq8-wc73-jvvq

[Patch] https://github.com/openemr/openemr/commit/fe6341496dc82d5b4f5a3f35891bb2e2481f3b25

View Patch ZIP pw:eip

[Third Party Advisory] https://github.com/openemr/openemr/blob/6a4e18c5ec73e0c755f6f65b28a9652aded1a58b/interface/patient_file/front_payment.php#L765

[Third Party Advisory] https://github.com/openemr/openemr/blob/6a4e18c5ec73e0c755f6f65b28a9652aded1a58b/portal/portal_payment.php#L537

Scores

CVSS v3 9.6

EPSS 0.0002

EPSS Percentile 6.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-200

Status published

Products (1)

open-emr/openemr 5.0.2 - 8.0.0

Published Mar 03, 2026

Tracked Since Mar 04, 2026