CVE-2025-67752
Published: 25 February 2026
Summary
CVE-2025-67752 is a high-severity Improper Certificate Validation (CWE-295) vulnerability in OpenEMR (vendor Open-Emr). Its CVSS base score is 8.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Adversary-in-the-Middle (T1557); ranked at the 0.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 CM-6 (Configuration Settings) and SC-8 (Transmission Confidentiality and Integrity).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
SC-8 requires cryptographic mechanisms to protect transmission confidentiality and integrity, directly preventing MITM attacks by mandating proper TLS certificate validation in HTTPS connections.
CM-6 enforces secure configuration settings for system components like the oeHttp wrapper, ensuring SSL/TLS certificate verification is enabled by default to block MITM vulnerabilities.
SI-2 mandates timely flaw remediation, including patching OpenEMR to version 7.0.4 or later, which fixes the disabled certificate verification issue.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Improper certificate validation (CWE-295) in the outbound HTTPS client directly enables adversary-in-the-middle attacks on external connections.
NVD Description
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 7.0.4, OpenEMR's HTTP client wrapper (`oeHttp`/`oeHttpRequest`) disables SSL/TLS certificate verification by default (`verify: false`), making all external HTTPS connections vulnerable to man-in-the-middle (MITM) attacks. This affects communication with government healthcare APIs and user-configurable external services, potentially exposing Protected Health Information (PHI). Version 7.0.4 fixes the issue.
Deeper analysis
CVE-2025-67752 affects OpenEMR, a free and open source electronic health records and medical practice management application, specifically in versions prior to 7.0.4. The vulnerability resides in the HTTP client wrapper (oeHttp/oeHttpRequest), which disables SSL/TLS certificate verification by default (verify: false). This misconfiguration exposes all external HTTPS connections to man-in-the-middle (MITM) attacks, impacting communications with government healthcare APIs and user-configurable external services, with a potential to compromise Protected Health Information (PHI). The issue is classified under CWE-295 (Improper Certificate Validation) and carries a CVSS v3.1 base score of 8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).
An attacker capable of positioning themselves between the OpenEMR instance and external HTTPS endpoints—such as through network control, compromised routers, or ISP-level interception—can exploit this vulnerability. No user privileges or interaction are required, though high attack complexity is needed due to the MITM prerequisites. Successful exploitation allows the attacker to intercept, read, modify, or inject data in transit, leading to high confidentiality, integrity, and availability impacts, particularly the exposure or alteration of sensitive PHI during API interactions.
The OpenEMR security advisory (GHSA-2g6h-725p-pqhp) and associated fix in commit 22f8e53e5769a88b7a16cb223bd197d044c84e5a detail mitigation by enabling certificate verification in version 7.0.4. Security practitioners should upgrade to OpenEMR 7.0.4 or later, review and secure external service configurations, and monitor network traffic for signs of MITM activity.
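The weak setting described above beside its hardened form, as an added example that is not OpenEMR's own code: the `verify` option is a Guzzle client option, and the function names, the hypothetical per-service configuration map and the CA bundle path are constructed for illustration. The audit helper shows how a defender can check a set of outbound-client configurations for an explicit `verify => false`.

```php
<?php
// Added example, not from the OpenEMR code base. Guzzle is assumed to be
// installed via Composer (guzzlehttp/guzzle); function names are hypothetical.
require 'vendor/autoload.php';

use GuzzleHttp\Client;

// The weak default named in the advisory: the peer certificate is never
// checked, so any on-path party can terminate TLS with its own certificate.
function insecureClientOptions(): array
{
    return ['verify' => false, 'timeout' => 10];
}

// Hardened default: verify against the system CA store (verify => true) or
// against an explicitly pinned PEM bundle path.
function secureClientOptions(?string $caBundle = null): array
{
    return [
        'verify'  => $caBundle ?? true,
        'timeout' => 10,
    ];
}

// Audit helper: return the names of services whose client options disable
// certificate verification. Guzzle treats a missing 'verify' key as true, so
// only an explicit boolean false is reported.
function findDisabledVerification(array $serviceConfigs): array
{
    $findings = [];
    foreach ($serviceConfigs as $name => $opts) {
        if (array_key_exists('verify', $opts) && $opts['verify'] === false) {
            $findings[] = $name;
        }
    }
    return $findings;
}

// Constructed sample: three outbound services with differing settings.
$sample = [
    'gov-api'   => insecureClientOptions(),
    'lab-feed'  => secureClientOptions('/etc/ssl/certs/ca-certificates.crt'),
    'directory' => ['timeout' => 5],
];
print_r(findDisabledVerification($sample)); // only 'gov-api' is reported

// Build the client with verification enabled by default.
$client = new Client(secureClientOptions());
```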
Details
- CWE(s)