216.73.216.89

CVE-2025-46823

· Published 29/05/2025 18:15 · Modified 30/05/2025 16:31

Labels: CVE-2025-46823 2025-05-29CVE-2025-46823CWE-862[email protected]

Essential information

Published
29/05/2025 18:15
Modified
30/05/2025 16:31
Author
Creator
CVSS
8.0 HIGH (v3) 8.0 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

openmrs-module-fhir2 provides the FHIR REST API and related services for OpenMRS, an open medical records system. In versions of the FHIR2 module prior to 2.5.0, privileges were not always correctly checked, which means that unauthorized users may have been able to add or edit data they were not supposed to be able to. All implementers should update to FHIR2 2.5.0 or newer as soon as is feasible to receive a patch.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
openmrs / openmrs module fhir2 cpe:2.3:a:openmrs:openmrs_module_fhir2:<2.5.0:*:*:*:*:*:*:*

References