CVE-2025-43860 in OpenEMR
Summary
by MITRE • 05/23/2025
OpenEMR is a free and open source electronic health records and medical practice management application. A stored cross-site scripting (XSS) vulnerability in versions prior to 7.0.3.4 allows any authenticated user with patient creation and editing privileges to inject arbitrary JavaScript code into the system by entering malicious payloads in (1) the Text Box fields Address, Address Line 2, Postal Code and City and (2) the Drop Down menu options Address Use, State and Country of the Additional Addresses section of the Contact tab in Patient Demographics. The injected script can execute in two scenarios: (1) dynamically during form input, and (2) when the form data is later loaded for editing. Version 7.0.3.4 contains a patch for the issue.
Analysis
by VulDB Data Team • 07/02/2025
This vulnerability exists in OpenEMR, a widely deployed open source electronic health records and practice management platform that handles sensitive patient information. The stored cross-site scripting flaw lets any authenticated user who holds patient creation and editing privileges persist attacker-controlled JavaScript in a patient's demographics record. The affected surface is the Additional Addresses section of the Contact tab in Patient Demographics: the free-text fields Address, Address Line 2, Postal Code and City, and the drop-down fields Address Use, State and Country. The inclusion of drop-down fields is worth noting. A select element constrains input only in the browser; a submitted option value that the server never checks against its own list of permitted values is as attacker-controlled as any text box. The weakness is CWE-79 (Improper Neutralization of Input During Web Page Generation), that is, stored data written into HTML without encoding appropriate to the output context. Because OpenEMR installations hold protected health information, script that runs in the browser of a clinician or administrator who opens the record can read or alter patient data and act with that user's session.
Execution occurs in two contexts. First, the payload fires dynamically during form input, as the field value is rendered back into the page while the form is being filled in. On its own this is self-XSS: the script runs in the browser of the user who typed the value, and it reaches another user only if that user is induced to paste the payload, which is social engineering (ATT&CK T1566, Phishing). Second, and far more significant, the payload is stored in the database and executes whenever the record is later loaded for editing, so any user who opens the compromised patient record is affected without further interaction. The in-browser execution is ATT&CK T1059.007 (Command and Scripting Interpreter: JavaScript), and planting the payload in patient records is T1565.001 (Stored Data Manipulation). Consequences in the victim's browser include session hijacking where the session cookie is not HttpOnly, actions performed silently with the victim's privileges through the application's own requests, and redirection to attacker-controlled pages.
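The CWE-79 pattern behind both execution contexts, as an added example that is not OpenEMR's code: a string template that concatenates stored address values into an input's value attribute and into a drop-down's option list, beside a hardened version that encodes each value for its HTML context and checks the drop-down value against a server-side list of permitted values. The field names follow the advisory; the payload, the rendering functions and the sample record are constructed for illustration.

```javascript
// Added example, not OpenEMR code. Field names mirror the advisory; the
// payload, the rendering functions and the sample record are assumptions.

// Constructed payload of the kind a stored-XSS report describes: it closes the
// value attribute and adds an event handler, so it fires without <script>.
const PAYLOAD = '" autofocus onfocus="alert(document.cookie)';

// Constructed "stored" record as it might come back from the database. The
// state value is what a tampered POST can carry; the browser's <select> did
// not produce it, and nothing on the server checked it.
const storedAddress = {
  address: '123 Main St',
  addressLine2: PAYLOAD,
  postalCode: '12345',
  city: 'Springfield',
  addressUse: 'home',
  state: 'XY" selected onmouseover="alert(1)',
  country: 'US',
};

const STATES = ['CA', 'NY', 'TX']; // assumed server-side allowlist

// VULNERABLE: raw concatenation into HTML. Whether this template runs on each
// keystroke (dynamic scenario) or when the record is reopened for editing
// (stored scenario), the browser parses the injected attributes.
function renderAddressRowVulnerable(a, allowedStates) {
  const options = allowedStates
    .map((s) => `<option value="${s}"${s === a.state ? ' selected' : ''}>${s}</option>`)
    .join('');
  // Typical bug: a stored value that is not in the list is "preserved" verbatim.
  const extra = allowedStates.includes(a.state)
    ? ''
    : `<option value="${a.state}" selected>${a.state}</option>`;
  return `<input name="address_line_2" value="${a.addressLine2}">` +
         `<select name="state">${options}${extra}</select>`;
}

// Minimal encoder for HTML text content and double-quoted attribute values.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// HARDENED: every stored value is encoded for its output context, and the
// drop-down value is validated against the allowlist rather than trusted
// because a <select> "could only" have produced a listed value.
function renderAddressRowSafe(a, allowedStates) {
  const state = allowedStates.includes(a.state) ? a.state : ''; // reject unknown option
  const options = allowedStates
    .map((s) => `<option value="${escapeHtml(s)}"${s === state ? ' selected' : ''}>${escapeHtml(s)}</option>`)
    .join('');
  return `<input name="address_line_2" value="${escapeHtml(a.addressLine2)}">` +
         `<select name="state">${options}</select>`;
}
```

The encoder is the same for text content and double-quoted attributes, which is why one helper suffices here; a value written into a JavaScript string, a URL or an unquoted attribute would need a different encoding for that context.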
Operationally, the bar for exploitation is low. Any authenticated user with patient creation and editing privileges can plant the payload, so the threat comes from compromised accounts and from insiders, and registration or front-desk roles commonly hold exactly these privileges. Because the payload sits in core patient demographics data, the victims are the clinicians and administrators who most need to open those records, and the script runs with whatever privileges they hold: it can read other records, alter patient information, or present a credential prompt styled as the application. Version 7.0.3.4 patches the issue. The advisory does not describe the fix; the remediation for this class of flaw is to encode stored values for the HTML context they are written into and to validate drop-down submissions against a server-side list of permitted values rather than trusting the option list rendered in the browser. Organizations running OpenEMR should upgrade to 7.0.3.4 or later. Since the attacker is an authenticated user submitting ordinary form data, a web application firewall will at best catch the most obvious payloads; more effective compensating controls are a Content Security Policy without unsafe-inline, HttpOnly and SameSite attributes on the session cookie, restricting patient-edit privileges to roles that need them, and reviewing audit logs for demographics changes by unexpected accounts. After patching, address fields already in the database should also be scanned for markup planted before the upgrade: an output-encoding fix neutralizes stored payloads on render but leaves them in place, and their presence is evidence of an earlier attempt that warrants investigation. The vulnerability illustrates how a small gap in form handling, here an unencoded address field and a drop-down whose values were never checked server-side, becomes a significant risk in an environment holding personal health information.
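A retrospective check of the kind recommended above, as an added example that is not OpenEMR's code: it walks address rows already in the database and flags free-text fields that contain markup and drop-down fields whose value is outside the permitted list. The column names, allowlists and sample rows are constructed assumptions and must be adapted to the real schema before running against production data.

```javascript
// Added example, not OpenEMR code: scan stored address rows after upgrading
// to 7.0.3.4. Column names, allowlists and the sample rows are assumptions.

const FREE_TEXT_FIELDS = ['address', 'address_line_2', 'postal_code', 'city'];
const ENUM_FIELDS = {
  address_use: ['home', 'work', 'billing', 'temporary'],
  state: ['CA', 'NY', 'TX'],
  country: ['US', 'CA', 'MX'],
};

// Patterns that have no business in a postal address: tags, event-handler
// attributes, script URIs, and entity-encoded angle brackets (a payload may
// have been stored already encoded by a partially fixed input path).
const MARKUP_PATTERNS = [
  /<\s*\/?\s*[a-z!]/i,               // an opening or closing tag
  /\bon[a-z]+\s*=/i,                 // onerror=, onfocus=, onmouseover= ...
  /javascript\s*:/i,                 // javascript: URI
  /&(lt|gt|#0*6[02]|#x0*3[ce]);/i,   // &lt; &gt; &#60; &#62; &#x3c; &#x3e;
];

// Returns the list of suspicious fields in one row with a reason for each.
function findSuspiciousFields(row) {
  const hits = [];
  for (const field of FREE_TEXT_FIELDS) {
    const value = row[field];
    if (typeof value === 'string' && MARKUP_PATTERNS.some((re) => re.test(value))) {
      hits.push({ field, reason: 'markup in free-text field' });
    }
  }
  for (const [field, allowed] of Object.entries(ENUM_FIELDS)) {
    const value = row[field];
    if (value !== undefined && value !== null && !allowed.includes(value)) {
      hits.push({ field, reason: 'value outside drop-down allowlist' });
    }
  }
  return hits;
}

// Returns only the rows that need review, keyed by row id and patient id.
function scanRows(rows) {
  return rows
    .map((row) => ({ id: row.id, pid: row.pid, hits: findSuspiciousFields(row) }))
    .filter((r) => r.hits.length > 0);
}

// Constructed sample rows: one clean, one with a text-field payload, one with
// a forged drop-down value, and one with harmless punctuation and "on" inside
// words, to show the patterns do not trip on ordinary address text.
const SAMPLE_ROWS = [
  { id: 1, pid: 101, address: '12 Oak Ave', address_line_2: '', postal_code: '90210',
    city: 'Los Angeles', address_use: 'home', state: 'CA', country: 'US' },
  { id: 2, pid: 102, address: '<img src=x onerror=alert(1)>', address_line_2: 'Apt 4',
    postal_code: '10001', city: 'New York', address_use: 'work', state: 'NY', country: 'US' },
  { id: 3, pid: 103, address: '5 Elm St', address_line_2: '', postal_code: '73301',
    city: 'Austin', address_use: 'billing', state: 'TX" onmouseover="alert(1)', country: 'US' },
  { id: 4, pid: 104, address: 'Smith & Wesson Rd', address_line_2: 'c/o Ms. Ronson, Bonnet Lane',
    postal_code: '02108', city: 'Boston', address_use: 'temporary', state: 'NY', country: 'US' },
];
```

Flagged rows are leads, not verdicts: a clinician may legitimately type an ampersand or an angle bracket, so each hit should be reviewed together with the audit log entry that recorded the change and the account that made it.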