Security Advisory

CVE-2025-67752

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-02-25 01:09:20

Last updated 2026-02-27 17:30:42

Assigner GitHub_M

State PUBLISHED

Description

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 7.0.4, OpenEMRs HTTP client wrapper (`oeHttp`/`oeHttpRequest`) disables SSL/TLS certificate verification by default (`verify: false`), making all external HTTPS connections vulnerable to man-in-the-middle (MITM) attacks. This affects communication with government healthcare APIs and user-configurable external services, potentially exposing Protected Health Information (PHI). Version 7.0.4 fixes the issue.

← Browse all CVEs View on cve.org ↗