OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, the DICOM zip/export feature uses a user-supplied destination or path component when creating the zip file, without sanitizing path traversal sequences (e.g. `../`). An attacker with DICOM upload/export permission can write files outside the intended directory, potentially under the web root, leading to arbitrary file write and possibly remote code execution if PHP or other executable files can be written. Version 8.0.0.2 fixes the issue.
References
| Link | Resource |
|---|---|
| https://github.com/openemr/openemr/commit/ddcf04ea769a33cdc1932355224575478df70585 | Patch |
| https://github.com/openemr/openemr/security/advisories/GHSA-rppw-f689-6hrm | Exploit Vendor Advisory |
Configurations
History
20 Mar 2026, 17:18
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Open-emr openemr
Open-emr |
|
| CPE | cpe:2.3:a:open-emr:openemr:*:*:*:*:*:*:*:* | |
| References | () https://github.com/openemr/openemr/commit/ddcf04ea769a33cdc1932355224575478df70585 - Patch | |
| References | () https://github.com/openemr/openemr/security/advisories/GHSA-rppw-f689-6hrm - Exploit, Vendor Advisory |
19 Mar 2026, 20:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-03-19 20:16
Updated : 2026-03-20 17:18
NVD link : CVE-2026-25928
Mitre link : CVE-2026-25928
CVE.ORG link : CVE-2026-25928
JSON object : View
Products Affected
open-emr
- openemr
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')