CVE-2026-24849

OpenEMR · OpenEMR

An arbitrary file read vulnerability in OpenEMR allows any authenticated user to access sensitive files on the server filesystem via the EtherFax component.

Executive summary

Any authenticated user in OpenEMR can read sensitive server files, potentially exposing credentials, configuration data, and patient information.

Vulnerability

The disposeDocument() method in EtherFaxActions.php fails to properly validate file paths. This allows any authenticated user, regardless of their privilege level, to perform path traversal and read arbitrary files from the server.
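The kind of check the text says is missing is a containment check: the requested document reference must be canonicalised (".." segments collapsed, symlinks followed) and then confirmed to sit under the document store before anything is read. The following is an added illustration written in Python; it is not OpenEMR's code or a patch for disposeDocument(), and the names resolve_document_path, is_safe_document_path and audit_requests, as well as the sample requests, are constructed for the example.

```python
import tempfile
from pathlib import Path

# Added illustration of a filesystem containment check; not OpenEMR's code.
# Function names and the sample requests below are constructed for this example.


def resolve_document_path(store_root: str, requested: str) -> Path:
    """Canonicalise `requested` under `store_root`; raise ValueError if it escapes."""
    root = Path(store_root).resolve()
    if Path(requested).is_absolute():
        # Path joining silently discards `root` when the right-hand side is absolute,
        # so absolute input is rejected before any join happens.
        raise ValueError("absolute paths are not accepted")
    # resolve() collapses '..' and follows symlinks, so a link inside the store that
    # points outside it is caught by the prefix check below as well.
    candidate = (root / requested).resolve()
    try:
        candidate.relative_to(root)
    except ValueError:
        raise ValueError(f"request escapes the document store: {requested!r}") from None
    return candidate


def is_safe_document_path(store_root: str, requested: str) -> bool:
    """Boolean wrapper for callers that only need an allow/deny decision."""
    try:
        resolve_document_path(store_root, requested)
    except ValueError:
        return False
    return True


def audit_requests(requests: list[str]) -> dict[str, bool]:
    """Evaluate a set of document references against a throwaway temporary store."""
    store = tempfile.mkdtemp(prefix="docstore_")
    return {req: is_safe_document_path(store, req) for req in requests}


# Constructed inputs, not taken from any real request log.
SAMPLE_REQUESTS = [
    "fax/2026/incoming.pdf",      # ordinary reference inside the store: allowed
    "fax/../fax/incoming.pdf",    # '..' that stays inside the store: allowed
    "../../etc/passwd",           # traversal out of the store: rejected
    "/etc/passwd",                # absolute path: rejected
]

if __name__ == "__main__":
    for req, ok in audit_requests(SAMPLE_REQUESTS).items():
        print(f"{'ALLOW' if ok else 'REJECT':6} {req}")
```

Two details matter in practice: the check must run on the fully decoded value (percent-decoding happens before this function is called), and it must use the resolved path rather than a string-prefix comparison, otherwise a symlink inside the store or a sibling directory whose name shares the prefix (store_root vs store_root_backup) slips through.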

Business impact

The exposure of sensitive files can lead to a total breach of patient confidentiality (HIPAA violation) and provide attackers with the credentials needed for further lateral movement or full system compromise. The CVSS score of 9.9 reflects the high impact on data integrity and confidentiality.

Remediation

Immediate Action: Update OpenEMR to version 7.0.4, which patches the insecure file handling logic in the EtherFax component.

Proactive Monitoring: Audit web server and application logs for unusual requests to EtherFaxActions.php, in particular any that contain path traversal sequences or reference system files such as /etc/passwd or configuration files.
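As an added example of that audit (not OpenEMR's code, and not a log format prescribed by the project), the script below parses Apache-style access log lines, keeps only requests to EtherFaxActions.php, percent-decodes the request target twice so double-encoded sequences are normalised, and flags traversal segments, system directories and absolute-path arguments. The log lines are constructed; "/MODULE_PATH/" stands in for the module's real URL path and "doc" for the real parameter name, neither of which the advisory gives.

```python
import re
from urllib.parse import unquote

# Added detection example; not OpenEMR code. The lines below are constructed in
# Apache combined format. "/MODULE_PATH/" and "doc" are placeholders for the real
# module path and parameter name, which this advisory does not name.
SAMPLE_ACCESS_LOG = """\
10.0.0.5 - - [10/Feb/2026:09:14:02 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
10.0.0.7 - - [10/Feb/2026:09:15:31 +0000] "GET /MODULE_PATH/EtherFaxActions.php?doc=fax/incoming_2026.pdf HTTP/1.1" 200 88210 "-" "Mozilla/5.0"
10.0.0.7 - - [10/Feb/2026:09:16:05 +0000] "GET /MODULE_PATH/EtherFaxActions.php?doc=../../../../etc/passwd HTTP/1.1" 200 2093 "-" "Mozilla/5.0"
10.0.0.7 - - [10/Feb/2026:09:16:12 +0000] "GET /MODULE_PATH/EtherFaxActions.php?doc=%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.1" 200 2093 "-" "Mozilla/5.0"
10.0.0.7 - - [10/Feb/2026:09:16:40 +0000] "GET /MODULE_PATH/EtherFaxActions.php?doc=/etc/hostname HTTP/1.1" 404 312 "-" "Mozilla/5.0"
"""

# Client, timestamp, method, request target and status code from a combined-format line.
ACCESS_LINE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Indicators are evaluated on the decoded target; order here is the order reported.
INDICATORS = {
    "dot-dot-segment": re.compile(r"\.\.[/\\]"),
    "system-directory": re.compile(r"(?:^|[/\\])(?:etc|proc|root)[/\\]", re.IGNORECASE),
    "absolute-path-argument": re.compile(r"[?&][^=&]*=[/\\]"),
}


def decode_target(target: str) -> str:
    """Percent-decode twice so double-encoded traversal sequences are normalised too."""
    return unquote(unquote(target))


def flag_etherfax_requests(log_text: str) -> list[dict]:
    """Return one finding per EtherFaxActions.php request that carries a traversal indicator."""
    findings = []
    for line in log_text.splitlines():
        m = ACCESS_LINE.match(line)
        if not m:
            continue  # malformed or foreign format: skip rather than abort the audit
        target = m["target"]
        if "etherfaxactions.php" not in target.lower():
            continue
        decoded = decode_target(target)
        hits = [name for name, rx in INDICATORS.items() if rx.search(decoded)]
        if hits:
            findings.append({
                "client": m["client"],
                "timestamp": m["ts"],
                "status": m["status"],
                "target": target,
                "indicators": hits,
            })
    return findings


if __name__ == "__main__":
    for f in flag_etherfax_requests(SAMPLE_ACCESS_LOG):
        print(f"{f['timestamp']} {f['client']} {f['status']} {', '.join(f['indicators'])}  {f['target']}")
```

A 200 response on a flagged line is the one to treat as a confirmed read rather than an attempt; the ordinary fax document request on the second line is not reported, which is the point of matching on decoded indicators rather than on every call to the endpoint.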

Compensating Controls: Restrict filesystem permissions for the web server user to ensure it cannot access sensitive system directories outside of the application root.

Exploitation status

Public Exploit Available: No

Analyst recommendation

Healthcare organizations must prioritize this update due to the sensitive nature of the data handled by OpenEMR. Applying the patch to version 7.0.4 is the only effective way to prevent unauthorized file access by authenticated users.