Browse all 4 CVE security advisories affecting OpenClinica. AI-powered Chinese analysis, POCs, and references for each vulnerability.
OpenClinica serves as an electronic data capture (EDC) system for clinical trial management, enabling researchers to collect and manage research data. Historically, the platform has faced vulnerabilities including remote code execution, cross-site scripting, and privilege escalation, often stemming from insufficient input validation and access control flaws. While no major public security incidents have been widely documented, the four recorded CVEs highlight persistent risks in web application security. The platform's complex architecture and handling of sensitive patient data make it an attractive target for attackers, necessitating rigorous security testing and patch management to mitigate potential exploitation risks.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-12922 | OpenClinica Community Edition CRF Data Import ImportCRFData path traversal — Community EditionCWE-22 | 6.3 | Medium | 2025-11-10 |
| CVE-2025-12921 | OpenClinica Community Edition CRF Data Import ImportCRFData xml injection — Community EditionCWE-91 | 4.3 | Medium | 2025-11-09 |
| CVE-2022-24831 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in OpenClinica — OpenClinicaCWE-89 | 8.3 | High | 2022-05-14 |
| CVE-2022-24830 | Path Traversal in OpenClinica — OpenClinicaCWE-22 | 6.5 | Medium | 2022-05-13 |
This page lists every published CVE security advisory associated with OpenClinica. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.