Directory Traversal Vulnerability in OpenEMR by OpenEMR
CVE-2025-29789

4.6MEDIUM

Key Information:

Vendor: Openemr
Status: Openemr
Vendor: CVE Published:; 25 March 2025

What is CVE-2025-29789?

OpenEMR, a widely-used free and open-source electronic health records and practice management system, is susceptible to a directory traversal vulnerability in its Load Code feature. This flaw allows attackers to exploit the system by accessing unintended files and directories. OpenEMR versions prior to 7.3.0 are affected. A patch has been released in version 7.3.0, addressing this critical issue and safeguarding users' sensitive healthcare data.

Affected Version(s)

openemr < 7.3.0

References

https://github.com/openemr/openemr/security/advisories/GH...

x_refsource_CONFIRM

https://github.com/openemr/openemr/commit/ef3bb7f84ebe8ef...

x_refsource_MISC

CVSS V4

Score:

4.6

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 25, 2025
Vulnerability Reserved
Mar 11, 2025

Openemr

What is CVE-2025-29789?

Affected Version(s)

References

CVSS V4

Timeline