Vulnerability Description
OpenEMR is a free and open source electronic health records and medical practice management application. An Out-of-Band Server-Side Request Forgery (OOB SSRF) vulnerability was identified in OpenEMR, allowing an attacker to force the server to make unauthorized requests to external or internal resources. this attack does not return a direct response but can be exploited through DNS or HTTP interactions to exfiltrate sensitive information. This vulnerability is fixed in 7.0.3.1.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Open-Emr | Openemr | < 7.0.3.1 |
Related Weaknesses (CWE)
References
- https://github.com/openemr/openemr/commit/aa6f50efb2971285633fa77ea7a50949408cabPatch
- https://github.com/openemr/openemr/security/advisories/GHSA-2pvv-ph3x-2f9hExploitVendor Advisory
- https://github.com/openemr/openemr/security/advisories/GHSA-2pvv-ph3x-2f9hExploitVendor Advisory
FAQ
What is CVE-2025-31117?
CVE-2025-31117 is a vulnerability with a CVSS score of 7.5 (HIGH). OpenEMR is a free and open source electronic health records and medical practice management application. An Out-of-Band Server-Side Request Forgery (OOB SSRF) vulnerability was identified in OpenEMR, ...
How severe is CVE-2025-31117?
CVE-2025-31117 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-31117?
Check the references section above for vendor advisories and patch information. Affected products include: Open-Emr Openemr.