CVE-2025-31117: 
OpenEMR vulnerability analysis and mitigation

OpenEMR, a free and open source electronic health records and medical practice management application, was found to contain an Out-of-Band Server-Side Request Forgery (OOB SSRF) vulnerability. The vulnerability, identified as CVE-2025-31117, allows an attacker to force the server to make unauthorized requests to external or internal resources. While this attack does not return a direct response, it can be exploited through DNS or HTTP interactions to exfiltrate sensitive information. The vulnerability was discovered in versions prior to 7.0.3.1 and has been fixed in version 7.0.3.1 (GitHub Advisory).

The vulnerability exists in the Dicom Viewer functionality of OpenEMR, specifically in the file import feature which offers three options: file, folder, and URL. The URL parameter can be exploited for SSRF attacks. The vulnerability has been assigned a CVSS 4.0 Base Score of 6.9 (Medium) with the vector string CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N. The issue is classified as CWE-918 (Server-Side Request Forgery) (NVD).

The vulnerability can be exploited to perform internal port scanning and gain unauthorized access to internal resources. Through DNS or HTTP interactions, attackers can potentially exfiltrate sensitive information from the system. Given that OpenEMR is a medical records system, this could potentially expose sensitive patient data (GitHub Advisory).

The vulnerability has been fixed in OpenEMR version 7.0.3.1. Users are advised to upgrade to this version or later to protect against this vulnerability. The fix involved removing the URL option from the image downloader dialog (GitHub Commit).