SecuriTricks - CVE-2025-54832

Description

OPEXUS FOIAXpress Public Access Link (PAL), version v11.1.0, allows an authenticated user to add entries to the list of states and territories.

Product(s) Impacted

Vendor	Product	Versions
Opexus	Foiaxpress	11.1.0

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-472

External Control of Assumed-Immutable Web Parameter

The web application does not sufficiently verify inputs that are assumed to be immutable but are actually externally controllable, such as hidden form fields.

*CPE(s)

Affected systems and software identified for this CVE.

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
a	opexus	foiaxpress	11.1.0	/	/	/	/	/	/	/

References

https://docs.opexustech.com/docs/foiaxpress/11.12.0/FOIAXpress_Release_notes_11.12.3.0.pdf

https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-174-01.json

https://www.cve.org/CVERecord?id=CVE-2025-54832

CVSS Score

5.3 / 10

CVSS Data - 4.0

Attack Vector: NETWORK
Attack Complexity: LOW
Attack Requirements: NONE
Privileges Required: LOW
User Interaction: NONE
Scope:
Confidentiality Impact: NONE
Integrity Impact: LOW
Availability Impact: NONE
Exploit Maturity: NOT_DEFINED

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

View Vector String

Timeline

Published: July 31, 2025, 6:15 p.m.
Last Modified: July 31, 2025, 6:42 p.m.

Status : Awaiting Analysis

CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.

More info

Source

9119a7d8-5eab-497f-8521-727c672e3725

CVE-2025-54832