CVE-2025-31117

31 Mar 2025

Título es

CVE-2025-31117

Lun, 31/03/2025 – 17:15

Tipo

CWE-918

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2025-31117

Descripción en

OpenEMR is a free and open source electronic health records and medical practice management application. An Out-of-Band Server-Side Request Forgery (OOB SSRF) vulnerability was identified in OpenEMR, allowing an attacker to force the server to make unauthorized requests to external or internal resources. this attack does not return a direct response but can be exploited through DNS or HTTP interactions to exfiltrate sensitive information. This vulnerability is fixed in 7.0.3.1.

31/03/2025

Vector CVSS:4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Gravedad 4.0

6.90

Gravedad 4.0 txt

MEDIUM

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

Pendiente de análisis

Referencias

https://github.com/openemr/openemr/commit/aa6f50efb2971285633fa77ea7a50949408cab12

https://github.com/openemr/openemr/security/advisories/GHSA-2pvv-ph3x-2f9h

Enviar en el boletín

Off

CVE-2025-31117

CVE-2025-31117

Jose Alexis Correa Valencia