CVE-2025-25928 Information

Description

A Cross-Site Request Forgery (CSRF) in the component /admin/users/user.form of Openmrs 2.4.3 Build 0ff0ed allows attackers to execute arbitrary operations via a crafted GET request.

Reference

https://github.com/johnchd/CVEs/blob/main/OpenMRS/CVE-2025-25928%20-%20CSRF%20PrivEsc.md