{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-10T14:18:51.772","vulnerabilities":[{"cve":{"id":"CVE-2025-32967","sourceIdentifier":"security-advisories@github.com","published":"2025-05-23T16:15:25.453","lastModified":"2025-07-02T00:41:37.383","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"OpenEMR is a free and open source electronic health records and medical practice management application. A logging oversight in versions prior to 7.0.3.4 allows password change events to go unrecorded on the client-side log viewer, preventing administrators from auditing critical actions. This weakens traceability and opens the system to undetectable misuse by insiders or attackers. Version 7.0.3.4 contains a patch for the issue."},{"lang":"es","value":"OpenEMR es una aplicación gratuita y de código abierto para la gestión de historiales médicos electrónicos y consultorios médicos. Un error de registro en versiones anteriores a la 7.0.3.4 permite que los cambios de contraseña no se registren en el visor de registros del cliente, lo que impide a los administradores auditar acciones críticas. Esto debilita la trazabilidad y expone el sistema a un uso indebido imperceptible por parte de usuarios internos o atacantes. La versión 7.0.3.4 incluye un parche para este problema."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-778"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:open-emr:openemr:*:*:*:*:*:*:*:*","versionEndExcluding":"7.0.3.4","matchCriteriaId":"D1D87CF1-6A62-4803-B70B-0286F6398043"}]}]}],"references":[{"url":"https://github.com/openemr/openemr/security/advisories/GHSA-7qj6-jxfc-xw4v","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]}]}}]}