Cyber Resilience

CVE-2025-29789

MediumPublic PoC

Published: 25 March 2025

Published
25 March 2025
Modified
06 May 2025
KEV Added
Patch
CVSS Score v4 4.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0009 26.0th percentile
Risk Priority 9 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-29789 is a medium-severity Relative Path Traversal (CWE-23) vulnerability in Open-Emr Openemr. Its CVSS base score is 4.6 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 26.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2025-29789 is a directory traversal vulnerability (CWE-22, CWE-23) in the Load Code feature of OpenEMR, a free and open source electronic health records and medical practice management application. Versions prior to 7.3.0 are affected, as disclosed on 2025-03-25 with a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

Unauthenticated attackers with network access can exploit this vulnerability through low-complexity attacks requiring no user interaction. Successful exploitation enables high-impact confidentiality violations, such as unauthorized access to sensitive files on the server, without affecting integrity or availability.

OpenEMR version 7.3.0 addresses the issue with a patch. Security practitioners should consult the GitHub security advisory at https://github.com/openemr/openemr/security/advisories/GHSA-ffpq-2wqj-v8ff and the fixing commit at https://github.com/openemr/openemr/commit/ef3bb7f84ebe8ef54d55416e587ec2fefd065489 for implementation details and upgrade guidance.

EU & UK References

Vulnerability details

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 7.3.0 are vulnerable to Directory Traversal in the Load Code feature. Version 7.3.0 contains a patch for the issue.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1005 Data from Local System Collection
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.
Why these techniques?

Directory traversal in a network-accessible web app (OpenEMR) directly enables unauthenticated exploitation of public-facing applications (T1190) and unauthorized reading of arbitrary local system files (T1005).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-24848Same product: Open-Emr Openemr
CVE-2026-24849Same product: Open-Emr Openemr
CVE-2026-33918Same product: Open-Emr Openemr
CVE-2026-25164Same product: Open-Emr Openemr
CVE-2026-33914Same product: Open-Emr Openemr
CVE-2026-34056Same product: Open-Emr Openemr
CVE-2026-33913Same product: Open-Emr Openemr
CVE-2026-25147Same product: Open-Emr Openemr
CVE-2026-24908Same product: Open-Emr Openemr
CVE-2026-25146Same product: Open-Emr Openemr

Affected Assets

open-emr
openemr
≤ 7.0.3

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly validates user-supplied file paths in OpenEMR's Load Code feature to prevent directory traversal exploitation.

prevent

Requires timely remediation by applying the OpenEMR 7.3.0 patch that specifically fixes the directory traversal vulnerability.

prevent

Enforces approved authorizations to restrict Load Code feature access to only intended files, blocking unauthorized sensitive file reads.

References