Cyber Resilience

CVE-2025-67752

High · Public PoC

Published: 25 February 2026

Modified: 25 February 2026
KEV Added:
Patch:
CVSS Score v3.1: 8.1 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0023 (13.9th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2025-67752 is a high-severity Improper Certificate Validation (CWE-295) vulnerability in OpenEMR. Its CVSS base score is 8.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Adversary-in-the-Middle (T1557). The CVE ranks at the 13.9th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 CM-6 (Configuration Settings) and SC-8 (Transmission Confidentiality and Integrity).

Deeper analysis

CVE-2025-67752 affects OpenEMR, a free and open source electronic health records and medical practice management application, specifically in versions prior to 7.0.4. The vulnerability resides in the HTTP client wrapper (oeHttp/oeHttpRequest), which disables SSL/TLS certificate verification by default (verify: false). This misconfiguration exposes all external HTTPS connections to man-in-the-middle (MITM) attacks, impacting communications with government healthcare APIs and user-configurable external services, with a potential to compromise Protected Health Information (PHI). The issue is classified under CWE-295 (Improper Certificate Validation) and carries a CVSS v3.1 base score of 8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).

An attacker capable of positioning themselves between the OpenEMR instance and external HTTPS endpoints (such as through network control, compromised routers, or ISP-level interception) can exploit this vulnerability. No user privileges or interaction are required, though attack complexity is high because of the MITM prerequisites. Successful exploitation allows the attacker to intercept, read, modify, or inject data in transit, leading to high confidentiality, integrity, and availability impacts, particularly the exposure or alteration of sensitive PHI during API interactions.

The OpenEMR security advisory (GHSA-2g6h-725p-pqhp) and associated fix in commit 22f8e53e5769a88b7a16cb223bd197d044c84e5a detail mitigation by enabling certificate verification in version 7.0.4. Security practitioners should upgrade to OpenEMR 7.0.4 or later, review and secure external service configurations, and monitor network traffic for signs of MITM activity.
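One way to carry out the configuration review recommended above, as an added example (not OpenEMR's code and not taken from the advisory): a scanner that flags PHP lines turning off certificate checks in local customizations. The `'verify' => false` array syntax and the sample PHP are assumptions constructed for illustration, and the cURL rules go beyond the single option named on this page.

```python
import re
from pathlib import Path

# Values PHP treats as "off" for these options.
OFF = r"""(?:false|0|'0'|"0")(?!\w)"""
RULES = {
    # Option named on this page (Guzzle-style array syntax is an assumption).
    "verify-disabled": re.compile(r"""['"]verify['"]\s*=>\s*""" + OFF, re.I),
    # Added generalization: PHP cURL options that disable the same checks.
    "curl-verifypeer-off": re.compile(r"CURLOPT_SSL_VERIFYPEER\s*(?:=>|,)\s*" + OFF, re.I),
    "curl-verifyhost-off": re.compile(r"CURLOPT_SSL_VERIFYHOST\s*(?:=>|,)\s*" + OFF, re.I),
}
COMMENT_START = ("//", "#", "*", "/*")

# Constructed sample input, not OpenEMR source.
SAMPLE_PHP = '''<?php
// Constructed sample for the scanner.
$defaults = ['timeout' => 30, 'verify' => false];
$strict   = ['timeout' => 30, 'verify' => true];
$pinned   = ['verify' => '/etc/ssl/certs/internal-ca.pem'];
// 'verify' => false   (commented out, must not be reported)
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
$opts = [CURLOPT_SSL_VERIFYHOST => 0];
'''


def scan_php(source, path="<memory>"):
    """Return (path, line_no, rule, code) for each line that disables TLS checks."""
    findings = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        code = line.strip()
        if code.startswith(COMMENT_START):  # heuristic: skip whole-line comments
            continue
        for rule, pattern in RULES.items():
            if pattern.search(code):
                findings.append((path, line_no, rule, code))
    return findings


def scan_tree(root):
    """Scan every *.php file under root (e.g. a checkout of local modules)."""
    findings = []
    for php_file in sorted(Path(root).rglob("*.php")):
        findings += scan_php(php_file.read_text(errors="replace"), str(php_file))
    return findings


if __name__ == "__main__":
    for path, line_no, rule, code in scan_php(SAMPLE_PHP):
        print(f"{path}:{line_no}: {rule}: {code}")
```

A hit is a prompt for manual review rather than proof of exposure, since the option may be overridden before the request is sent.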

Vulnerability details

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 7.0.4, OpenEMR's HTTP client wrapper (`oeHttp`/`oeHttpRequest`) disables SSL/TLS certificate verification by default (`verify: false`), making all external HTTPS connections vulnerable to man-in-the-middle (MITM) attacks. This affects communication with government healthcare APIs and user-configurable external services, potentially exposing Protected Health Information (PHI). Version 7.0.4 fixes the issue.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1557 Adversary-in-the-Middle Credential Access
Adversaries may attempt to position themselves between two or more networked devices using an adversary-in-the-middle (AiTM) technique to support follow-on behaviors such as [Network Sniffing](https://attack.
Why these techniques?

Improper certificate validation (CWE-295) in outbound HTTPS client directly enables adversary-in-the-middle attacks on external connections.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-24848 (Same product: Open-Emr Openemr)
CVE-2025-29789 (Same product: Open-Emr Openemr)
CVE-2026-32127 (Same product: Open-Emr Openemr)
CVE-2026-33910 (Same product: Open-Emr Openemr)
CVE-2025-69231 (Same product: Open-Emr Openemr)
CVE-2026-33914 (Same product: Open-Emr Openemr)
CVE-2013-10044 (Same product: Open-Emr Openemr)
CVE-2026-34056 (Same product: Open-Emr Openemr)
CVE-2026-33301 (Same product: Open-Emr Openemr)
CVE-2026-32121 (Same product: Open-Emr Openemr)

Affected Assets

open-emr
openemr
≤ 7.0.4

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) (AI)

prevent

SC-8 requires cryptographic mechanisms to protect transmission confidentiality and integrity, directly preventing MITM attacks by mandating proper TLS certificate validation in HTTPS connections.

prevent

CM-6 enforces secure configuration settings for system components like the oeHttp wrapper, ensuring SSL/TLS certificate verification is enabled by default to block MITM vulnerabilities.

prevent

SI-2 mandates timely flaw remediation, including patching OpenEMR to version 7.0.4 or later, which fixes the disabled certificate verification issue.
