CVE-2025-69231 - Vulnerability Analysis
HighCVSS: 8.7Last Updated: February 25, 2026
OpenEMR - Stored XSS
Overview
OpenEMR < 8.0.0 contains a stored cross-site scripting vulnerability caused by improper sanitization in the GAD-7 anxiety assessment form, letting authenticated clinicians execute malicious JavaScript, leading to session hijacking and privilege escalation.
Severity & Score
Impact
Authenticated clinicians can hijack sessions, take over accounts, and escalate privileges to administrator.
Mitigation
Update to version 8.0.0 or later.
References
Social Media Activity(1 post)
š CVE-2025-69231 - High (8.7) OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, a stored cross-site scripting vulnerability in the GAD-7 anxiety assessment form allows authenticated users with clini... š https://www.thehackerwire.com/vulnerability/CVE-2025-69231/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original postRelated Resources
Details
- CVE ID
- CVE-2025-69231
- Severity
- High
- CVSS Score
- 8.7
- Type
- stored_xss
- Status
- confirmed
- EPSS
- 16.7%
- Social Posts
- 1
CWE
- CWE-79
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N