CVE-2025-67752
📋 TL;DR
OpenEMR versions before 7.0.4 ship an HTTP client wrapper (oeHttp/oeHttpRequest) that disables SSL/TLS certificate verification by default, so every outbound HTTPS connection it makes will accept any certificate an attacker presents and is therefore open to man-in-the-middle interception. This exposes Protected Health Information (PHI) exchanged with government healthcare APIs and other external services. Any healthcare organization running an unpatched version is affected.
💻 Affected Systems
- OpenEMR
📦 What is this software?
OpenEMR, by the OpenEMR project: an open-source electronic health records (EHR) and medical practice management application.
⚠️ Risk & Real-World Impact
Worst Case
An attacker on the network path intercepts and modifies OpenEMR's outbound HTTPS traffic, reading PHI in transit, injecting forged responses from external APIs into the EHR, and potentially compromising patient care.
Likely Case
PHI exposed through intercepted communications with government healthcare APIs and external services, leading to a reportable data breach and regulatory violations.
If Mitigated
Network segmentation and monitoring reduce exposure, but anyone who can reach the path between OpenEMR and its upstream services (an insider, a compromised internal host, or a misconfigured proxy) can still intercept the traffic, because the client itself performs no validation.
🎯 Exploit Status
Exploitation requires a position on the network path between OpenEMR and its upstream HTTPS endpoints (for example a compromised router, rogue Wi-Fi, or DNS/ARP spoofing). Once in position it is trivial: the attacker presents any certificate for the target host and the client accepts it without validation.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 7.0.4
Vendor Advisory: https://github.com/openemr/openemr/security/advisories/GHSA-2g6h-725p-pqhp
Restart Required: Yes
Instructions:
1. Back up your OpenEMR installation and database.
2. Download OpenEMR version 7.0.4 or later.
3. Follow the official upgrade instructions at https://www.open-emr.org/wiki/index.php/Upgrading_OpenEMR.
4. Restart web services.
🔧 Temporary Workarounds
Manual SSL Verification Enablement
Until you can upgrade, manually enable certificate verification in every code path that uses oeHttp/oeHttpRequest by passing an explicit verify: true option.
Find every oeHttp or oeHttpRequest call in the installed source tree (including any local customizations and modules) and add the verify: true parameter; a call that omits the option still falls back to the vulnerable default.
🧯 If You Can't Patch
- Implement strict network segmentation so that OpenEMR's outbound traffic to healthcare APIs crosses only trusted, controlled network paths, and restrict egress from the OpenEMR host to the specific API endpoints it needs.
- Route that traffic through a forward proxy or TLS-inspecting gateway that validates the upstream server certificate itself, which supplies the check the vulnerable client skips, and monitor it for certificate anomalies on healthcare API traffic.
🔍 How to Verify
Check if Vulnerable:
Check the OpenEMR version via the admin interface. If it is below 7.0.4, the installation is vulnerable; additionally examine the source code for oeHttp/oeHttpRequest calls that set verify: false or pass no verify parameter at all, since those rely on the vulnerable default.
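The source audit described above and in the Temporary Workarounds section is the same task: list every oeHttp/oeHttpRequest call site that either disables verification or leaves it unset. The script below is an added example, not OpenEMR's own code or tooling. It is a single-line heuristic built on grep; the PHP files it creates are constructed test fixtures, and the fluent withOptions([...])->get() call shape used in them is an assumption about the wrapper's API rather than something taken from the OpenEMR source.

```shell
#!/usr/bin/env bash
# Added audit helper (example code, not OpenEMR's own): a single-line heuristic
# that lists oeHttp/oeHttpRequest call sites which either set 'verify' => false
# or omit 'verify' entirely. The fixture it builds is constructed for the demo,
# and the fluent withOptions([...])->get() call shape is an assumption about the
# wrapper's API, not taken from the OpenEMR source.
set -euo pipefail

# audit_dir DIR
# Prints one "path:line:reason" record per suspicious call site:
#   verify-false    the option is explicitly disabled
#   verify-missing  no 'verify' => true on the line, so the call relies on the
#                   wrapper default (the vulnerable behaviour before 7.0.4)
# Limitation: option arrays split across several lines are not correlated with
# their call; treat every verify-missing hit as a lead for manual review.
audit_dir() {
  local dir="$1"
  local path rest lineno text
  grep -rInE --include='*.php' 'oeHttp(Request)?' "$dir" 2>/dev/null \
    | grep -vE '^[^:]+:[0-9]+:[[:space:]]*(use|class|namespace)[[:space:]]' \
    | while IFS= read -r hit; do
        path=${hit%%:*}
        rest=${hit#*:}
        lineno=${rest%%:*}
        text=${rest#*:}
        if printf '%s\n' "$text" | grep -qE "['\"]verify['\"][[:space:]]*=>[[:space:]]*false"; then
          printf '%s:%s:verify-false\n' "$path" "$lineno"
        elif ! printf '%s\n' "$text" | grep -qE "['\"]verify['\"][[:space:]]*=>[[:space:]]*true"; then
          printf '%s:%s:verify-missing\n' "$path" "$lineno"
        fi
      done || true
}

# make_fixture
# Creates a throw-away tree of constructed PHP files and prints its path.
# The class definition and the 'use' import must not be reported; only the
# two call sites that lack an explicit 'verify' => true should be.
make_fixture() {
  local d
  d=$(mktemp -d)
  mkdir -p "$d/src/Common/Http" "$d/interface/modules"
  cat > "$d/src/Common/Http/oeHttp.php" <<'PHP'
<?php
namespace OpenEMR\Common\Http;
class oeHttp {}
PHP
  cat > "$d/interface/modules/fetch_eligibility.php" <<'PHP'
<?php
use OpenEMR\Common\Http\oeHttp;
// relies on the wrapper default -> reported as verify-missing
$a = oeHttp::withOptions(['timeout' => 10])->get($url);
// explicitly disabled -> reported as verify-false
$b = oeHttp::withOptions(['verify' => false])->get($url);
// hardened -> not reported
$c = oeHttp::withOptions(['verify' => true])->get($url);
PHP
  printf '%s\n' "$d"
}

# With a directory argument, audit it; otherwise demonstrate on the fixture.
if [ -n "${1:-}" ]; then
  audit_dir "$1"
else
  fixture=$(make_fixture)
  audit_dir "$fixture"
  rm -rf "$fixture"
fi
```

Run it as `bash audit_oehttp.sh /var/www/openemr` against the installed tree (path assumed). Every verify-false hit must be changed; every verify-missing hit needs a look at the surrounding lines, because the heuristic cannot see an option array that continues on the next line, and a wrapper call with no options at all is exactly the case that inherits the vulnerable default.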
Check Version:
Check the version shown in the OpenEMR admin interface, or grep the installed source tree for the version string.
Verify Fix Applied:
Confirm the installed version is 7.0.4 or later, then confirm the behaviour change: point a test request through the client at an endpoint presenting an invalid certificate (self-signed, expired, or hostname-mismatched) and check that the request fails with a certificate error instead of returning data.
📡 Detection & Monitoring
Log Indicators:
- After patching: TLS handshake or certificate-verification failures to endpoints that previously worked. These indicate either active interception or a proxy that was silently relying on the old behaviour; investigate rather than disable verification again.
- Unexpected certificate warnings in application logs. Note that before patching the vulnerable client logs nothing when intercepted, so an absence of errors is not evidence of safety.
Network Indicators:
- Outbound TLS sessions from the OpenEMR host whose server certificate issuer or fingerprint differs from the CA expected for the API endpoint (visible in TLS metadata such as Zeek ssl/x509 logs, since the intercepted traffic is still encrypted, just to the attacker's key).
- ARP or DNS anomalies and unexpected intermediate hosts on the path to healthcare API endpoints.
SIEM Query:
source="openemr_logs" AND ("SSL" OR "TLS" OR "certificate") AND ("fail" OR "warning" OR "error")