{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-21T22:31:27.510","vulnerabilities":[{"cve":{"id":"CVE-2026-25131","sourceIdentifier":"security-advisories@github.com","published":"2026-02-25T02:16:22.967","lastModified":"2026-02-25T16:56:00.153","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, a Broken Access Control vulnerability exists in the OpenEMR order types management system, allowing low-privilege users (such as Receptionist) to add and modify procedure types without proper authorization. This vulnerability is present in the /openemr/interface/orders/types_edit.php endpoint. Version 8.0.0 contains a patch."},{"lang":"es","value":"OpenEMR es una aplicación de código abierto y gratuita para registros de salud electrónicos y gestión de consultorios médicos. Antes de la versión 8.0.0, existe una vulnerabilidad de control de acceso roto en el sistema de gestión de tipos de órdenes de OpenEMR, que permite a usuarios con pocos privilegios (como Recepcionista) añadir y modificar tipos de procedimiento sin la autorización adecuada. Esta vulnerabilidad está presente en el endpoint /openemr/interface/orders/types_edit.PHP. La versión 8.0.0 contiene un parche."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-862"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:open-emr:openemr:*:*:*:*:*:*:*:*","versionEndExcluding":"8.0.0","matchCriteriaId":"FEAA9896-A42E-437C-BEE8-8DA955E34385"}]}]}],"references":[{"url":"https://github.com/openemr/openemr/commit/1e63cbab34558bca029533f87cdb6efb1ff32c75","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/openemr/openemr/security/advisories/GHSA-6h2m-4ppf-ph4j","source":"security-advisories@github.com","tags":["Exploit","Mitigation","Vendor Advisory"]}]}}]}