CVE-2025-67752
SSL/TLS Verification Bypass in OpenEMR HTTP Client Enables MITM
Publication date: 2026-02-25
Last updated on: 2026-02-25
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| open-emr | openemr | to 7.0.4 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-295 | The product does not validate, or incorrectly validates, a certificate. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-67752 is a vulnerability in OpenEMR, an open source electronic health records application, where the HTTP client wrappers disable SSL/TLS certificate verification by default prior to version 7.0.4.
This means that when OpenEMR makes HTTPS connections to external services, it does not verify the authenticity of the SSL certificates, making these connections vulnerable to man-in-the-middle (MITM) attacks.
Attackers could intercept, read, or modify sensitive data transmitted over these connections, including Protected Health Information (PHI).
The vulnerability affects communication with government healthcare APIs and user-configurable external services.
Version 7.0.4 of OpenEMR fixes this issue by enabling SSL certificate verification by default and providing configuration options for custom certificate authorities.
How can this vulnerability impact me? :
This vulnerability can have severe impacts by exposing sensitive healthcare data to interception and manipulation.
- Attackers can perform man-in-the-middle attacks to intercept HTTPS communications between OpenEMR and external services.
- Exposed data can include Protected Health Information (PHI) such as patient medications, drug interactions, pharmacy locations, medical device identifiers, patient assessments, and OAuth tokens.
- Attack vectors include compromised network devices, DNS spoofing, and database compromise leading to malicious URL injections.
- The vulnerability can lead to loss of confidentiality, integrity, and availability of sensitive healthcare data.
Overall, this poses significant risks to patient privacy, data integrity, and the security of healthcare operations.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability violates HIPAA Security Rule Β§164.312(e)(1), which requires transmission security to protect electronic Protected Health Information (ePHI).
Disabling SSL/TLS certificate verification allows insecure transmission channels vulnerable to interception, which is non-compliant with HIPAA requirements.
The fix in OpenEMR version 7.0.4 enforces SSL verification by default to maintain HIPAA compliance.
While GDPR is not explicitly mentioned, exposing personal health data through insecure communications could also violate GDPR principles of data protection and security.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': "This vulnerability can be detected by verifying whether OpenEMR's HTTP client wrappers are disabling SSL/TLS certificate verification by default. Specifically, check if the HTTP requests made via cURL or GuzzleHttp clients have SSL verification disabled (`verify: false`)."}, {'type': 'paragraph', 'content': 'You can monitor outbound HTTPS connections for unexpected destinations and audit database globals for unauthorized URL changes that might indicate exploitation attempts.'}, {'type': 'paragraph', 'content': 'Additionally, use test scripts or tools to verify SSL verification status by attempting connections to sites with expired, wrong hostname, self-signed, or untrusted root certificates. If connections succeed despite invalid certificates, the system is vulnerable.'}, {'type': 'list_item', 'content': 'Use tools like testssl.sh or SSLLabs to test SSL verification behavior.'}, {'type': 'list_item', 'content': 'Run curl commands with verbose output to check SSL verification, for example: `curl -v https://example.com` and observe if SSL errors are ignored.'}, {'type': 'list_item', 'content': 'Audit OpenEMR configuration and code for the presence of `verify: false` in HTTP client options.'}] [2]
What immediate steps should I take to mitigate this vulnerability?
[{'type': 'paragraph', 'content': 'The immediate mitigation step is to upgrade OpenEMR to version 7.0.4 or later, where SSL certificate verification is enabled by default for all HTTP client requests.'}, {'type': 'paragraph', 'content': 'If upgrading immediately is not possible, configure the environment variable `OPENEMR_SETTING_http_verify_ssl` to `true` to enforce SSL verification.'}, {'type': 'paragraph', 'content': 'For environments using self-signed certificates, generate a CA certificate, sign internal server certificates, mount the CA certificate inside the container or server, and set `OPENEMR_SETTING_http_ca_cert` to the CA certificate path to enable proper verification.'}, {'type': 'paragraph', 'content': 'Audit and monitor outbound HTTPS connections and database globals to detect unauthorized changes or suspicious activity.'}, {'type': 'paragraph', 'content': "Obtain and use valid SSL certificates (e.g., via Let's Encrypt) for all external and internal services to maintain HIPAA compliance and secure communications."}] [1, 2]