icon

We found results for “

CVE-2025-46823

Good to know:

icon

Date: May 29, 2025

openmrs-module-fhir2 provides the FHIR REST API and related services for OpenMRS, an open medical records system. In versions of the FHIR2 module prior to 2.5.0, privileges were not always correctly checked, which means that unauthorized users may have been able to add or edit data they were not supposed to be able to. All implementers should update to FHIR2 2.5.0 or newer as soon as is feasible to receive a patch.

Severity Score

Severity Score

Weakness Type (CWE)

Missing Authorization

CWE-862

Top Fix

icon

Upgrade Version

Upgrade to version https://github.com/openmrs/openmrs-module-fhir2.git - 2.5.0

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): HIGH
Availability (A): NONE

Do you need more information?

Contact Us