{"id":85985,"date":"2025-12-07T21:58:10","date_gmt":"2025-12-07T21:58:10","guid":{"rendered":""},"modified":"-0001-11-30T00:00:00","modified_gmt":"-0001-11-30T06:00:00","slug":"cve-2025-43860-xss-vulnerability-in-openemr-leading-to-potential-system-compromise-or-data-leakage","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-43860-xss-vulnerability-in-openemr-leading-to-potential-system-compromise-or-data-leakage\/","title":{"rendered":"CVE-2025-43860: XSS Vulnerability in OpenEMR Leading to Potential System Compromise or Data Leakage<\/strong>"},"content":{"rendered":"

Overview<\/strong><\/p>\n

This report focuses on the CVE-2025-43860 vulnerability found in the OpenEMR, an open-source electronic health records and medical practice management application. This vulnerability, a stored cross-site scripting (XSS) issue, affects versions prior to 7.0.3.4 and could allow an authenticated user with patient creation and editing privileges to inject malicious JavaScript code into the system, potentially leading to system compromise or data leakage.<\/p>\n

Vulnerability Summary<\/strong><\/p>\n

CVE ID: CVE-2025-43860
\nSeverity: High (7.6 CVSS)
\nAttack Vector: Web-based
\nPrivileges Required: Low (Authenticated user with editing privileges)
\nUser Interaction: Required
\nImpact: Potential system compromise or data leakage<\/p>\n

Affected Products<\/strong><\/p>

\r\n

\r\n \r\n \"Ameeba\r\n <\/a>\r\n A new way to communicate\r\n <\/h2>\r\n\r\n

\r\n Ameeba Chat is built on encrypted identity, not personal profiles.\r\n <\/p>\r\n\r\n

\r\n Message, call, share files, and coordinate with identities kept separate.\r\n <\/p>\r\n\r\n