CVE-2025-31117
Published: 31 March 2025
Summary
CVE-2025-31117 is a medium-severity SSRF (CWE-918) vulnerability in Open-Emr Openemr. Its CVSS base score is 6.9 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 21.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SC-7 (Boundary Protection) and SI-10 (Information Input Validation).
Deeper analysis
OpenEMR, a free and open source electronic health records and medical practice management application, is affected by an out-of-band server-side request forgery vulnerability tracked as CVE-2025-31117. The flaw, classified under CWE-918, allows an attacker to force the server to issue unauthorized requests to external or internal resources; unlike classic SSRF, it does not return a direct response but can still be leveraged through DNS or HTTP callbacks.
An unauthenticated remote attacker can exploit the issue over the network to exfiltrate sensitive information by inducing the server to interact with attacker-controlled infrastructure, achieving limited confidentiality impact without requiring user interaction or elevated privileges.
The vulnerability is fixed in OpenEMR version 7.0.3.1, according to the project’s GitHub security advisory and the associated commit that resolves the flaw. The EPSS score remains low, with a current value of 0.0115 and a peak of 0.0185.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-8861
Vulnerability details
OpenEMR is a free and open source electronic health records and medical practice management application. An Out-of-Band Server-Side Request Forgery (OOB SSRF) vulnerability was identified in OpenEMR, allowing an attacker to force the server to make unauthorized requests to external…
more
or internal resources. this attack does not return a direct response but can be exploited through DNS or HTTP interactions to exfiltrate sensitive information. This vulnerability is fixed in 7.0.3.1.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
OOB SSRF in public-facing OpenEMR enables initial access via app exploitation (T1190), forces server requests for internal system/service discovery (T1018, T1046), and supports exfiltration of config/network data via attacker-controlled HTTP/DNS OOB channels (T1567).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly remediates the SSRF vulnerability by applying the vendor-released patch in OpenEMR version 7.0.3.1.
Validates and sanitizes user inputs to block malicious URLs or parameters that could trigger unauthorized server-side requests to internal or external resources.
Implements network boundary protections such as firewalls or proxies to restrict the application's outbound connections to only whitelisted destinations, preventing SSRF exfiltration.