Cyber Resilience

CVE-2025-32794

HighPublic PoC

Published: 23 May 2025

Published
23 May 2025
Modified
02 July 2025
KEV Added
Patch
CVSS Score v3.1 7.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N
EPSS Score 0.0209 84.4th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-32794 is a high-severity Cross-site Scripting (CWE-79) vulnerability in Open-Emr Openemr. Its CVSS base score is 7.6 (High).

Operationally, ranked in the top 15.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

Deeper analysis

OpenEMR is a free and open source electronic health records and medical practice management application that contains a stored cross-site scripting vulnerability in versions prior to 7.0.3.4. The flaw, tracked as CVE-2025-32794 and assigned CWE-79, permits injection of arbitrary JavaScript through the First and Last Name fields on the patient registration page; the payload is later rendered when an encounter is viewed under Orders → Procedure Orders. The issue carries a CVSS 3.1 score of 7.6.

An authenticated user who possesses patient creation privileges can store the malicious script, which then executes in the browser of any user who subsequently views the affected encounter. Successful exploitation can result in theft of session tokens or other sensitive data displayed within the application, with the attack vector requiring only low attack complexity and limited user interaction.

The GitHub Security Advisory GHSA-3c27-2m7h-f7rx states that version 7.0.3.4 contains the fix for the stored XSS issue. The EPSS score remains flat at 0.0209 with no material increase observed after disclosure.

EU & UK References

Vulnerability details

OpenEMR is a free and open source electronic health records and medical practice management application. A stored cross-site scripting (XSS) vulnerability in versions prior to 7.0.3.4 allows any authenticated user with patient creation privileges to inject arbitrary JavaScript code into…

more

the system by entering malicious payloads in the First and Last Name fields during patient registration. This code is later executed when viewing the patient's encounter under Orders → Procedure Orders. Version 7.0.3.4 contains a patch for the issue.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

open-emr
openemr
≤ 7.0.3.4

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-79

Penetration testing submits XSS payloads to web applications, detecting cross-site scripting flaws for subsequent remediation.

addresses: CWE-79

Validates web inputs to reject script-related content that could produce XSS.

addresses: CWE-79

Output validation against expected content can reject or sanitize script content in generated web pages, reducing XSS exploitability.

References