CVE-2026-25146 - Vulnerability Analysis
CriticalCVSS: 9.6Last Updated: March 4, 2026
OpenEMR - Information Disclosure
Overview
OpenEMR 5.0.2 to < 8.0.0 contains an information disclosure vulnerability caused by rendering gateway_api_key secret values in plaintext to clients, letting attackers perform arbitrary money movement or account takeover, exploit requires no special privileges.
Severity & Score
Impact
Attackers can steal secret keys, enabling arbitrary money movement or broad payment gateway account takeover.
Mitigation
Update to version 8.0.0 or later.
References
- https://github.com/openemr/openemr/blob/6a4e18c5ec73e0c755f6f65b28a9652aded1a58b/interface/patient_file/front_payment.php#L765
- https://github.com/openemr/openemr/blob/6a4e18c5ec73e0c755f6f65b28a9652aded1a58b/portal/portal_payment.php#L537
- https://github.com/openemr/openemr/commit/fe6341496dc82d5b4f5a3f35891bb2e2481f3b25
- https://github.com/openemr/openemr/security/advisories/GHSA-2hq8-wc73-jvvq
Social Media Activity(1 post)
š“ CVE-2026-25146 - Critical (9.6) OpenEMR is a free and open source electronic health records and medical practice management application. From 5.0.2 to before 8.0.0, there are (at least) two paths where the gateway_api_key secret value is rendered to the client in plaintext. Thes... š https://www.thehackerwire.com/vulnerability/CVE-2026-25146/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original postRelated Resources
Details
- CVE ID
- CVE-2026-25146
- Severity
- Critical
- CVSS Score
- 9.6
- Type
- information_disclosure
- Status
- confirmed
- EPSS
- 4.3%
- Social Posts
- 1
CWE
- CWE-200
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N