Home > Vulnerability Database > CVE-2025-46823

Mend.io Vulnerability Database

CVE-2025-46823

Good to know:

Date: May 29, 2025

openmrs-module-fhir2 provides the FHIR REST API and related services for OpenMRS, an open medical records system. In versions of the FHIR2 module prior to 2.5.0, privileges were not always correctly checked, which means that unauthorized users may have been able to add or edit data they were not supposed to be able to. All implementers should update to FHIR2 2.5.0 or newer as soon as is feasible to receive a patch.

Severity Score

9.1

Related Resources (4)

Url: https://github.com/openmrs/openmrs-module-fhir2/releases/tag/2.5.0

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-46823

Url: https://github.com/openmrs/openmrs-module-fhir2/security/advisories/GHSA-g5vq-w8v2-4x9j

Url: https://www.mend.io/vulnerability-database/CVE-2025-46823

Severity Score

9.1

Weakness Type (CWE)

Missing Authorization

CWE-862

Top Fix

Upgrade Version

Upgrade to version https://github.com/openmrs/openmrs-module-fhir2.git - 2.5.0

Learn More

CVSS v3.1

Base Score:	9.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-46823

Good to know:

Date: May 29, 2025

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?