Stored XSS Vulnerability in OpenEMR's Bronchitis Form Component
CVE-2025-30161

8.4HIGH

Key Information:

Vendor: Openemr
Status: Openemr
Vendor: CVE Published:; 31 March 2025

What is CVE-2025-30161?

A stored Cross-Site Scripting (XSS) vulnerability exists in the Bronchitis form component of OpenEMR, an open-source electronic health record and medical practice management system. By exploiting this vulnerability, an attacker can insert malicious scripts that execute in the context of users editing the bronchitis form, potentially stealing sensitive administrative credentials. The vulnerability has been addressed in version 7.0.3 of OpenEMR, which users are strongly encouraged to upgrade to.

Affected Version(s)

openemr < 7.0.3

References

https://github.com/openemr/openemr/security/advisories/GH...

x_refsource_CONFIRM

https://github.com/openemr/openemr/blob/17ca5539bafcdc25a...

x_refsource_MISC

https://github.com/openemr/openemr/blob/17ca5539bafcdc25a...

x_refsource_MISC

CVSS V4

Score:

8.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 31, 2025
Vulnerability Reserved
Mar 17, 2025

Openemr

What is CVE-2025-30161?

Affected Version(s)

References

CVSS V4

Timeline