CVE-2025-32967 – OpenEMR Password Change Event Logging Bypass Vulnerability

CVE ID : CVE-2025-32967

Published : May 23, 2025, 4:15 p.m. | 1 hour, 4 minutes ago

Description : OpenEMR is a free and open source electronic health records and medical practice management application. A logging oversight in versions prior to 7.0.3.4 allows password change events to go unrecorded on the client-side log viewer, preventing administrators from auditing critical actions. This weakens traceability and opens the system to undetectable misuse by insiders or attackers. Version 7.0.3.4 contains a patch for the issue.

Severity: 5.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…