CVE-2026-25147

🔴 HIGH

Published

Feb 27, 2026

Last Modified

Mar 03, 2026

Views

Bookmarks

Description

Request Expert Review

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, in `portal/portal_payment.php`, the patient id used for the page is taken from the request (`$pid = $_REQUEST['pid'] ?? $pid` and `$pid = ($_REQUEST['hidden_patient_code'] ?? null) > 0 ? $_REQUEST['hidden_patient_code'] : $pid`) instead of being fixed to the authenticated portal user. The portal session already has a valid `$pid` for the logged-in patient. Overwriting it with user-supplied values and using it without authorization allows a portal user to view and interact with another patient's demographics, invoices, and payment history—horizontal privilege escalation and IDOR. Version 8.0.0 contains a fix for the issue.

Affected Products (1)

open-emr - openemr

Version: *

CVSS Scores

CVSS 3.1 7.1

7.1

HIGH

CVSS 2.0 7.1

References

github.com github.com

Additional Information

Source: security-advisories@github.com
State: Analyzed

Related CVEs

CVE-2026-3288

HIGH

A security issue was discovered in ingress-nginx where the `nginx.ingress.kubernetes.io/rewrite-target` Ingress annotation can be used to inject confi...

Score: 8.8

CVE-2026-31816

CRITICAL

Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.31.4 and earlier, the Budibase server's authorized() mi...

Score: 9.1

CVE-2026-30240

CRITICAL

Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.31.5 and earlier, a path traversal vulnerability in the...

Score: 9.6

CVE-2026-25960

HIGH

vLLM is an inference and serving engine for large language models (LLMs). The SSRF protection fix for CVE-2026-24779 add in 0.15.1 can be bypassed in...

Score: 7.1

CVE-2026-25737

HIGH

Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.24.0 and earlier, an arbitrary file upload vulnerabilit...

Score: 8.9

CVE-2025-15603

LOW

A security vulnerability has been detected in open-webui up to 0.6.16. Affected is an unknown function of the file backend/start_windows.bat of the co...

Score: 3.7

Share CVE-2026-25147

Share on Social Media

Copy Link

Embed Code

HTML Embed (for websites/blogs)

Markdown (for GitHub/Discord)

Request Expert Analysis

Request a professional security analysis for CVE-2026-25147 from our verified experts.

Credits System

Use your credits to get expert analysis from verified security professionals. Purchase more credits anytime!

Priority Level

SLA Acceleration (50% faster delivery)

Add 3 credits for accelerated delivery

Additional Context (Optional)

Base Cost: 8 credits

Priority Upgrade: + credits

SLA Acceleration: +3 credits

Total Cost:

Your Balance:

Insufficient Credits

You need more credits to submit this request.

Buy Credits

CVE-2026-25147

Description

Affected Products (1)

open-emr - openemr

CVSS Scores

References

Additional Information

Related CVEs

CVE-2026-3288

CVE-2026-31816

CVE-2026-30240

CVE-2026-25960

CVE-2026-25737

CVE-2025-15603

Share CVE-2026-25147

Share on Social Media

Copy Link

Embed Code

Request Expert Analysis

Credits System

Insufficient Credits

Report Analysis