Search

Find a vulnerability

Search criteria

    8 vulnerabilities found for FOIAXpress Public Access Link (PAL) by OPEXUS

    CVE-2025-58462 (GCVE-0-2025-58462)

    Vulnerability from nvd – Published: 2025-09-09 21:09 – Updated: 2026-02-26 17:48
    VLAI
    Title
    OPEXUS FOIAXpress PAL SQL injection
    Summary
    OPEXUS FOIAXpress Public Access Link (PAL) before version 11.13.1.0 allows SQL injection via SearchPopularDocs.aspx. A remote, unauthenticated attacker could read, write, or delete any content in the underlying database.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    Impacted products
    Vendor Product Version
    OPEXUS FOIAXpress Public Access Link (PAL) Affected: 0 , < 11.13.1.0 (custom)
    Unaffected: 11.13.1.0
    Create a notification for this product.
    Date Public
    2025-08-01 00:00
    Credits
    , undefined
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-58462",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-11T03:56:22.809695Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T17:48:47.966Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "FOIAXpress Public Access Link (PAL)",
              "vendor": "OPEXUS",
              "versions": [
                {
                  "lessThan": "11.13.1.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "11.13.1.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": ", undefined"
            }
          ],
          "datePublic": "2025-08-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "OPEXUS FOIAXpress Public Access Link (PAL) before version 11.13.1.0 allows SQL injection via SearchPopularDocs.aspx. A remote, unauthenticated attacker could read, write, or delete any content in the underlying database."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "other": {
                "content": {
                  "id": "CVE-2025-58462",
                  "options": [
                    {
                      "Exploitation": "none"
                    },
                    {
                      "Automatable": "yes"
                    },
                    {
                      "Technical Impact": "total"
                    }
                  ],
                  "role": "CISA Coordinator",
                  "timestamp": "2025-09-09T16:22:24.160637Z",
                  "version": "2.0.3"
                },
                "type": "ssvc"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-09T21:09:48.098Z",
            "orgId": "9119a7d8-5eab-497f-8521-727c672e3725",
            "shortName": "cisa-cg"
          },
          "references": [
            {
              "name": "url",
              "url": "https://docs.opexustech.com/docs/foiaxpress/11.13.0/FOIAXpress_Release_Notes_11.13.1.0.pdf"
            },
            {
              "name": "url",
              "url": "https://www.cve.org/CVERecord?id=CVE-2025-58462"
            },
            {
              "name": "url",
              "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/IT/white/2025/va-25-252-01.json"
            }
          ],
          "title": "OPEXUS FOIAXpress PAL SQL injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725",
        "assignerShortName": "cisa-cg",
        "cveId": "CVE-2025-58462",
        "datePublished": "2025-09-09T21:09:48.098Z",
        "dateReserved": "2025-09-02T21:00:53.965Z",
        "dateUpdated": "2026-02-26T17:48:47.966Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-54834 (GCVE-0-2025-54834)

    Vulnerability from nvd – Published: 2025-07-31 17:26 – Updated: 2025-07-31 18:16
    VLAI
    Title
    OPEXUS FOIAXpress Public Access Link (PAL) unauthenticated username enumeration
    Summary
    OPEXUS FOIAXpress Public Access Link (PAL) version v11.1.0 allows an unauthenticated, remote attacker to query the /App/CreateRequest.aspx endpoint to check for the existence of valid usernames. There are no rate-limiting mechanisms in place.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-204 - Observable Response Discrepancy
    Assigner
    Impacted products
    Vendor Product Version
    OPEXUS FOIAXpress Public Access Link (PAL) Affected: 11.1.0 , < 11.12.3.0 (custom)
    Unaffected: 11.12.3.0
    Create a notification for this product.
    Date Public
    2025-06-30 00:00
    Credits
    Nathan Spidle, CISA
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-54834",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-31T18:16:52.939208Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-31T18:16:59.684Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "FOIAXpress Public Access Link (PAL)",
              "vendor": "OPEXUS",
              "versions": [
                {
                  "lessThan": "11.12.3.0",
                  "status": "affected",
                  "version": "11.1.0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "11.12.3.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Nathan Spidle, CISA"
            }
          ],
          "datePublic": "2025-06-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "OPEXUS FOIAXpress Public Access Link (PAL) version v11.1.0 allows an unauthenticated, remote attacker to query the /App/CreateRequest.aspx endpoint to check for the existence of valid usernames. There are no rate-limiting mechanisms in place."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            },
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE"
              }
            },
            {
              "other": {
                "content": {
                  "id": "CVE-2025-54834",
                  "options": [
                    {
                      "Exploitation": "poc"
                    },
                    {
                      "Automatable": "yes"
                    },
                    {
                      "Technical Impact": "partial"
                    }
                  ],
                  "role": "CISA Coordinator",
                  "timestamp": "2025-06-12T17:01:51.112228Z",
                  "version": "2.0.3"
                },
                "type": "ssvc"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-204",
                  "description": "CWE-204 Observable Response Discrepancy",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-31T17:26:04.606Z",
            "orgId": "9119a7d8-5eab-497f-8521-727c672e3725",
            "shortName": "cisa-cg"
          },
          "references": [
            {
              "name": "url",
              "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-174-01.json"
            },
            {
              "name": "url",
              "url": "https://www.cve.org/CVERecord?id=CVE-2025-54834"
            },
            {
              "name": "url",
              "url": "https://docs.opexustech.com/docs/foiaxpress/11.12.0/FOIAXpress_Release_notes_11.12.3.0.pdf"
            }
          ],
          "title": "OPEXUS FOIAXpress Public Access Link (PAL) unauthenticated username enumeration"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725",
        "assignerShortName": "cisa-cg",
        "cveId": "CVE-2025-54834",
        "datePublished": "2025-07-31T17:26:04.606Z",
        "dateReserved": "2025-07-30T14:04:30.745Z",
        "dateUpdated": "2025-07-31T18:16:59.684Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-54833 (GCVE-0-2025-54833)

    Vulnerability from nvd – Published: 2025-07-31 17:26 – Updated: 2025-08-07 18:49
    VLAI
    Title
    OPEXUS FOIAXpress Public Access Link (PAL) account-lockout and CAPTCHA protection bypass
    Summary
    OPEXUS FOIAXpress Public Access Link (PAL) version v11.1.0 allows attackers to bypass account-lockout and CAPTCHA protections. Unauthenticated remote attackers can more easily brute force passwords.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-307 - Improper Restriction of Excessive Authentication Attempts
    • CWE-602 - Client-Side Enforcement of Server-Side Security
    Assigner
    Impacted products
    Vendor Product Version
    OPEXUS FOIAXpress Public Access Link (PAL) Affected: 11.1.0 , < 11.12.3.0 (custom)
    Unaffected: 11.12.3.0
    Create a notification for this product.
    Date Public
    2025-06-30 00:00
    Credits
    Nathan Spidle, CISA
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-54833",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-07T18:48:53.421513Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-07T18:49:33.918Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "FOIAXpress Public Access Link (PAL)",
              "vendor": "OPEXUS",
              "versions": [
                {
                  "lessThan": "11.12.3.0",
                  "status": "affected",
                  "version": "11.1.0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "11.12.3.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Nathan Spidle, CISA"
            }
          ],
          "datePublic": "2025-06-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "OPEXUS FOIAXpress Public Access Link (PAL) version v11.1.0 allows attackers to bypass account-lockout and CAPTCHA protections. Unauthenticated remote attackers can more easily brute force passwords."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            },
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE"
              }
            },
            {
              "other": {
                "content": {
                  "id": "CVE-2025-54833",
                  "options": [
                    {
                      "Exploitation": "none"
                    },
                    {
                      "Automatable": "yes"
                    },
                    {
                      "Technical Impact": "partial"
                    }
                  ],
                  "role": "CISA Coordinator",
                  "timestamp": "2025-08-07T18:40:46.130297Z",
                  "version": "2.0.3"
                },
                "type": "ssvc"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-307",
                  "description": "CWE-307 Improper Restriction of Excessive Authentication Attempts",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-602",
                  "description": "CWE-602 Client-Side Enforcement of Server-Side Security",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-07T18:46:48.657Z",
            "orgId": "9119a7d8-5eab-497f-8521-727c672e3725",
            "shortName": "cisa-cg"
          },
          "references": [
            {
              "name": "url",
              "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-174-01.json"
            },
            {
              "name": "url",
              "url": "https://www.cve.org/CVERecord?id=CVE-2025-54833"
            },
            {
              "name": "url",
              "url": "https://docs.opexustech.com/docs/foiaxpress/11.12.0/FOIAXpress_Release_notes_11.12.3.0.pdf"
            }
          ],
          "title": "OPEXUS FOIAXpress Public Access Link (PAL) account-lockout and CAPTCHA protection bypass"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725",
        "assignerShortName": "cisa-cg",
        "cveId": "CVE-2025-54833",
        "datePublished": "2025-07-31T17:26:31.457Z",
        "dateReserved": "2025-07-30T14:04:24.410Z",
        "dateUpdated": "2025-08-07T18:49:33.918Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-54832 (GCVE-0-2025-54832)

    Vulnerability from nvd – Published: 2025-07-31 17:25 – Updated: 2025-08-07 18:45
    VLAI
    Title
    OPEXUS FOIAXpress Public Access Link (PAL) state and territory list unauthorized modification
    Summary
    OPEXUS FOIAXpress Public Access Link (PAL), version v11.1.0, allows an authenticated user to add entries to the list of states and territories.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-472 - External Control of Assumed-Immutable Web Parameter
    Assigner
    Impacted products
    Vendor Product Version
    OPEXUS FOIAXpress Public Access Link (PAL) Affected: 11.1.0 , < 11.12.3.0 (custom)
    Unaffected: 11.12.3.0
    Create a notification for this product.
    Date Public
    2025-06-30 00:00
    Credits
    Nathan Spidle, CISA
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-54832",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-31T18:17:29.106511Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-31T18:17:34.816Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "FOIAXpress Public Access Link (PAL)",
              "vendor": "OPEXUS",
              "versions": [
                {
                  "lessThan": "11.12.3.0",
                  "status": "affected",
                  "version": "11.1.0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "11.12.3.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Nathan Spidle, CISA"
            }
          ],
          "datePublic": "2025-06-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "OPEXUS FOIAXpress Public Access Link (PAL), version v11.1.0, allows an authenticated user to add entries to the list of states and territories."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            },
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "LOW"
              }
            },
            {
              "other": {
                "content": {
                  "id": "CVE-2025-54832",
                  "options": [
                    {
                      "Exploitation": "none"
                    },
                    {
                      "Automatable": "no"
                    },
                    {
                      "Technical Impact": "partial"
                    }
                  ],
                  "role": "CISA Coordinator",
                  "timestamp": "2025-08-07T18:43:30.418539Z",
                  "version": "2.0.3"
                },
                "type": "ssvc"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-472",
                  "description": "CWE-472 External Control of Assumed-Immutable Web Parameter",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-07T18:45:45.102Z",
            "orgId": "9119a7d8-5eab-497f-8521-727c672e3725",
            "shortName": "cisa-cg"
          },
          "references": [
            {
              "name": "url",
              "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-174-01.json"
            },
            {
              "name": "url",
              "url": "https://www.cve.org/CVERecord?id=CVE-2025-54832"
            },
            {
              "name": "url",
              "url": "https://docs.opexustech.com/docs/foiaxpress/11.12.0/FOIAXpress_Release_notes_11.12.3.0.pdf"
            }
          ],
          "title": "OPEXUS FOIAXpress Public Access Link (PAL) state and territory list unauthorized modification"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725",
        "assignerShortName": "cisa-cg",
        "cveId": "CVE-2025-54832",
        "datePublished": "2025-07-31T17:25:27.272Z",
        "dateReserved": "2025-07-30T14:04:16.458Z",
        "dateUpdated": "2025-08-07T18:45:45.102Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-58462 (GCVE-0-2025-58462)

    Vulnerability from cvelistv5 – Published: 2025-09-09 21:09 – Updated: 2026-02-26 17:48
    VLAI
    Title
    OPEXUS FOIAXpress PAL SQL injection
    Summary
    OPEXUS FOIAXpress Public Access Link (PAL) before version 11.13.1.0 allows SQL injection via SearchPopularDocs.aspx. A remote, unauthenticated attacker could read, write, or delete any content in the underlying database.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    Impacted products
    Vendor Product Version
    OPEXUS FOIAXpress Public Access Link (PAL) Affected: 0 , < 11.13.1.0 (custom)
    Unaffected: 11.13.1.0
    Create a notification for this product.
    Date Public
    2025-08-01 00:00
    Credits
    , undefined
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-58462",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-11T03:56:22.809695Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T17:48:47.966Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "FOIAXpress Public Access Link (PAL)",
              "vendor": "OPEXUS",
              "versions": [
                {
                  "lessThan": "11.13.1.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "11.13.1.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": ", undefined"
            }
          ],
          "datePublic": "2025-08-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "OPEXUS FOIAXpress Public Access Link (PAL) before version 11.13.1.0 allows SQL injection via SearchPopularDocs.aspx. A remote, unauthenticated attacker could read, write, or delete any content in the underlying database."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "other": {
                "content": {
                  "id": "CVE-2025-58462",
                  "options": [
                    {
                      "Exploitation": "none"
                    },
                    {
                      "Automatable": "yes"
                    },
                    {
                      "Technical Impact": "total"
                    }
                  ],
                  "role": "CISA Coordinator",
                  "timestamp": "2025-09-09T16:22:24.160637Z",
                  "version": "2.0.3"
                },
                "type": "ssvc"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-09T21:09:48.098Z",
            "orgId": "9119a7d8-5eab-497f-8521-727c672e3725",
            "shortName": "cisa-cg"
          },
          "references": [
            {
              "name": "url",
              "url": "https://docs.opexustech.com/docs/foiaxpress/11.13.0/FOIAXpress_Release_Notes_11.13.1.0.pdf"
            },
            {
              "name": "url",
              "url": "https://www.cve.org/CVERecord?id=CVE-2025-58462"
            },
            {
              "name": "url",
              "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/IT/white/2025/va-25-252-01.json"
            }
          ],
          "title": "OPEXUS FOIAXpress PAL SQL injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725",
        "assignerShortName": "cisa-cg",
        "cveId": "CVE-2025-58462",
        "datePublished": "2025-09-09T21:09:48.098Z",
        "dateReserved": "2025-09-02T21:00:53.965Z",
        "dateUpdated": "2026-02-26T17:48:47.966Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-54833 (GCVE-0-2025-54833)

    Vulnerability from cvelistv5 – Published: 2025-07-31 17:26 – Updated: 2025-08-07 18:49
    VLAI
    Title
    OPEXUS FOIAXpress Public Access Link (PAL) account-lockout and CAPTCHA protection bypass
    Summary
    OPEXUS FOIAXpress Public Access Link (PAL) version v11.1.0 allows attackers to bypass account-lockout and CAPTCHA protections. Unauthenticated remote attackers can more easily brute force passwords.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-307 - Improper Restriction of Excessive Authentication Attempts
    • CWE-602 - Client-Side Enforcement of Server-Side Security
    Assigner
    Impacted products
    Vendor Product Version
    OPEXUS FOIAXpress Public Access Link (PAL) Affected: 11.1.0 , < 11.12.3.0 (custom)
    Unaffected: 11.12.3.0
    Create a notification for this product.
    Date Public
    2025-06-30 00:00
    Credits
    Nathan Spidle, CISA
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-54833",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-07T18:48:53.421513Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-07T18:49:33.918Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "FOIAXpress Public Access Link (PAL)",
              "vendor": "OPEXUS",
              "versions": [
                {
                  "lessThan": "11.12.3.0",
                  "status": "affected",
                  "version": "11.1.0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "11.12.3.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Nathan Spidle, CISA"
            }
          ],
          "datePublic": "2025-06-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "OPEXUS FOIAXpress Public Access Link (PAL) version v11.1.0 allows attackers to bypass account-lockout and CAPTCHA protections. Unauthenticated remote attackers can more easily brute force passwords."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            },
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE"
              }
            },
            {
              "other": {
                "content": {
                  "id": "CVE-2025-54833",
                  "options": [
                    {
                      "Exploitation": "none"
                    },
                    {
                      "Automatable": "yes"
                    },
                    {
                      "Technical Impact": "partial"
                    }
                  ],
                  "role": "CISA Coordinator",
                  "timestamp": "2025-08-07T18:40:46.130297Z",
                  "version": "2.0.3"
                },
                "type": "ssvc"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-307",
                  "description": "CWE-307 Improper Restriction of Excessive Authentication Attempts",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-602",
                  "description": "CWE-602 Client-Side Enforcement of Server-Side Security",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-07T18:46:48.657Z",
            "orgId": "9119a7d8-5eab-497f-8521-727c672e3725",
            "shortName": "cisa-cg"
          },
          "references": [
            {
              "name": "url",
              "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-174-01.json"
            },
            {
              "name": "url",
              "url": "https://www.cve.org/CVERecord?id=CVE-2025-54833"
            },
            {
              "name": "url",
              "url": "https://docs.opexustech.com/docs/foiaxpress/11.12.0/FOIAXpress_Release_notes_11.12.3.0.pdf"
            }
          ],
          "title": "OPEXUS FOIAXpress Public Access Link (PAL) account-lockout and CAPTCHA protection bypass"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725",
        "assignerShortName": "cisa-cg",
        "cveId": "CVE-2025-54833",
        "datePublished": "2025-07-31T17:26:31.457Z",
        "dateReserved": "2025-07-30T14:04:24.410Z",
        "dateUpdated": "2025-08-07T18:49:33.918Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-54834 (GCVE-0-2025-54834)

    Vulnerability from cvelistv5 – Published: 2025-07-31 17:26 – Updated: 2025-07-31 18:16
    VLAI
    Title
    OPEXUS FOIAXpress Public Access Link (PAL) unauthenticated username enumeration
    Summary
    OPEXUS FOIAXpress Public Access Link (PAL) version v11.1.0 allows an unauthenticated, remote attacker to query the /App/CreateRequest.aspx endpoint to check for the existence of valid usernames. There are no rate-limiting mechanisms in place.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-204 - Observable Response Discrepancy
    Assigner
    Impacted products
    Vendor Product Version
    OPEXUS FOIAXpress Public Access Link (PAL) Affected: 11.1.0 , < 11.12.3.0 (custom)
    Unaffected: 11.12.3.0
    Create a notification for this product.
    Date Public
    2025-06-30 00:00
    Credits
    Nathan Spidle, CISA
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-54834",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-31T18:16:52.939208Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-31T18:16:59.684Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "FOIAXpress Public Access Link (PAL)",
              "vendor": "OPEXUS",
              "versions": [
                {
                  "lessThan": "11.12.3.0",
                  "status": "affected",
                  "version": "11.1.0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "11.12.3.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Nathan Spidle, CISA"
            }
          ],
          "datePublic": "2025-06-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "OPEXUS FOIAXpress Public Access Link (PAL) version v11.1.0 allows an unauthenticated, remote attacker to query the /App/CreateRequest.aspx endpoint to check for the existence of valid usernames. There are no rate-limiting mechanisms in place."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            },
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE"
              }
            },
            {
              "other": {
                "content": {
                  "id": "CVE-2025-54834",
                  "options": [
                    {
                      "Exploitation": "poc"
                    },
                    {
                      "Automatable": "yes"
                    },
                    {
                      "Technical Impact": "partial"
                    }
                  ],
                  "role": "CISA Coordinator",
                  "timestamp": "2025-06-12T17:01:51.112228Z",
                  "version": "2.0.3"
                },
                "type": "ssvc"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-204",
                  "description": "CWE-204 Observable Response Discrepancy",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-31T17:26:04.606Z",
            "orgId": "9119a7d8-5eab-497f-8521-727c672e3725",
            "shortName": "cisa-cg"
          },
          "references": [
            {
              "name": "url",
              "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-174-01.json"
            },
            {
              "name": "url",
              "url": "https://www.cve.org/CVERecord?id=CVE-2025-54834"
            },
            {
              "name": "url",
              "url": "https://docs.opexustech.com/docs/foiaxpress/11.12.0/FOIAXpress_Release_notes_11.12.3.0.pdf"
            }
          ],
          "title": "OPEXUS FOIAXpress Public Access Link (PAL) unauthenticated username enumeration"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725",
        "assignerShortName": "cisa-cg",
        "cveId": "CVE-2025-54834",
        "datePublished": "2025-07-31T17:26:04.606Z",
        "dateReserved": "2025-07-30T14:04:30.745Z",
        "dateUpdated": "2025-07-31T18:16:59.684Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-54832 (GCVE-0-2025-54832)

    Vulnerability from cvelistv5 – Published: 2025-07-31 17:25 – Updated: 2025-08-07 18:45
    VLAI
    Title
    OPEXUS FOIAXpress Public Access Link (PAL) state and territory list unauthorized modification
    Summary
    OPEXUS FOIAXpress Public Access Link (PAL), version v11.1.0, allows an authenticated user to add entries to the list of states and territories.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-472 - External Control of Assumed-Immutable Web Parameter
    Assigner
    Impacted products
    Vendor Product Version
    OPEXUS FOIAXpress Public Access Link (PAL) Affected: 11.1.0 , < 11.12.3.0 (custom)
    Unaffected: 11.12.3.0
    Create a notification for this product.
    Date Public
    2025-06-30 00:00
    Credits
    Nathan Spidle, CISA
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-54832",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-31T18:17:29.106511Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-31T18:17:34.816Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "FOIAXpress Public Access Link (PAL)",
              "vendor": "OPEXUS",
              "versions": [
                {
                  "lessThan": "11.12.3.0",
                  "status": "affected",
                  "version": "11.1.0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "11.12.3.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Nathan Spidle, CISA"
            }
          ],
          "datePublic": "2025-06-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "OPEXUS FOIAXpress Public Access Link (PAL), version v11.1.0, allows an authenticated user to add entries to the list of states and territories."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            },
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "LOW"
              }
            },
            {
              "other": {
                "content": {
                  "id": "CVE-2025-54832",
                  "options": [
                    {
                      "Exploitation": "none"
                    },
                    {
                      "Automatable": "no"
                    },
                    {
                      "Technical Impact": "partial"
                    }
                  ],
                  "role": "CISA Coordinator",
                  "timestamp": "2025-08-07T18:43:30.418539Z",
                  "version": "2.0.3"
                },
                "type": "ssvc"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-472",
                  "description": "CWE-472 External Control of Assumed-Immutable Web Parameter",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-07T18:45:45.102Z",
            "orgId": "9119a7d8-5eab-497f-8521-727c672e3725",
            "shortName": "cisa-cg"
          },
          "references": [
            {
              "name": "url",
              "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-174-01.json"
            },
            {
              "name": "url",
              "url": "https://www.cve.org/CVERecord?id=CVE-2025-54832"
            },
            {
              "name": "url",
              "url": "https://docs.opexustech.com/docs/foiaxpress/11.12.0/FOIAXpress_Release_notes_11.12.3.0.pdf"
            }
          ],
          "title": "OPEXUS FOIAXpress Public Access Link (PAL) state and territory list unauthorized modification"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725",
        "assignerShortName": "cisa-cg",
        "cveId": "CVE-2025-54832",
        "datePublished": "2025-07-31T17:25:27.272Z",
        "dateReserved": "2025-07-30T14:04:16.458Z",
        "dateUpdated": "2025-08-07T18:45:45.102Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }