Home / Vulnerability Intelligence / CVE-2025-68277

CVE-2025-68277 - Vulnerability Analysis

MediumCVSS: 5.0

Last Updated: February 25, 2026

OpenEMR - Open Redirect

Published: February 25, 2026Updated: February 25, 2026PoC Available

Overview

OpenEMR < 7.0.4 contains an open redirect caused by insecure handling of links in Secure Messaging, letting attackers perform phishing by redirecting users within the portal, exploit requires user interaction.

Severity & Score

Severity: Medium

CVSS Score: 5.0

Impact

Attackers can perform phishing attacks by redirecting users to malicious sites within the portal.

Mitigation

Update to version 7.0.4 or later.

References

https://github.com/openemr/openemr/commit/11ec62d1683571a629734fba66f7fb68d0bdc312
https://github.com/openemr/openemr/security/advisories/GHSA-566c-8c52-2jch

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2025-68277
Severity: Medium
CVSS Score: 5.0
Type: open_redirect
Status: confirmed

CWE

CWE-451

CVSS Metrics

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N