Home / Vulnerability Intelligence / CVE-2025-67491

CVE-2025-67491 - Vulnerability Analysis

MediumCVSS: 5.4

Last Updated: February 25, 2026

OpenEMR - Stored XSS

Published: February 25, 2026Updated: February 25, 2026PoC AvailableRemote Exploitable

Overview

OpenEMR 5.0.0.5 through 7.0.3.4 contains a stored cross-site scripting caused by improper sanitization of the $data variable in the ub04 helper of the billing interface, letting low privileged users embed malicious JavaScript, exploit requires low privileged user access.

Severity & Score

Severity: Medium

CVSS Score: 5.4

Impact

Low privileged users can execute malicious JavaScript to steal session cookies and perform unauthorized actions as administrators.

Mitigation

Update to version 7.0.4 or later.

References

https://github.com/openemr/openemr/blob/a65b11d8b8e973b8758ce0dc3efb4b6ec0466d85/interface/billing/ub04_helpers.php#L52-L60
https://github.com/openemr/openemr/security/advisories/GHSA-5fq8-jwvw-3m5w
https://github.com/openemr/openemr/commit/66a11c2d72ade16c4a908cd839d27cd7b261f97a

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2025-67491
Severity: Medium
CVSS Score: 5.4
Type: stored_xss
Status: confirmed

CWE

CWE-79

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N