CVE 9.3 CRITICAL

OPEXUS FOIAXpress PAL SQL injection_CVE-2025-58462

September 9, 2025 invoker category_cve

9.3 / 10

CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

OPEXUS FOIAXpress Public Access Link (PAL) before version 11.13.1.0 allows SQL injection via SearchPopularDocs.aspx. A remote, unauthenticated attacker could read, write, or delete any content in the underlying database.

AI Analysis

OPEXUS FOIAXpress Public Access Link (PAL) before version 11.13.1.0 is vulnerable to SQL injection, allowing unauthorized database access.

Basic Information

ID CVE-2025-58462

Source cisa-cg

Published Sep 9, 2025 at 21:09

Affected Product

Vendor OPEXUS

Product FOIAXpress Public Access Link (PAL)

Affected Versions OPEXUS FOIAXpress Public Access Link (PAL) 0

CWE Classification

CWE-89

AI Assessment

AI Score 9.3 / 10

AI Severity CRITICAL

Vendor OPEXUS

Product FOIAXpress Public Access Link (PAL)

Version before 11.13.1.0

References

{
    "lastseen": "",
    "description": "OPEXUS FOIAXpress Public Access Link (PAL) before version 11.13.1.0 allows SQL injection via SearchPopularDocs.aspx. A remote, unauthenticated attacker could read, write, or delete any content in the underlying database.",
    "published": "2025-09-09T21:09:48.098Z",
    "modified": "2025-09-09T21:09:48.098Z",
    "type": "cve",
    "title": "OPEXUS FOIAXpress PAL SQL injection",
    "source": "cisa-cg",
    "references": "https://docs.opexustech.com/docs/foiaxpress/11.13.0/FOIAXpress_Release_Notes_11.13.1.0.pdf\nhttps://www.cve.org/CVERecord?id=CVE-2025-58462\nhttps://github.com/cisagov/CSAF/blob/develop/csaf_files/IT/white/2025/va-25-252-01.json",
    "id": "CVE-2025-58462",
    "bulletinFamily": "",
    "cwe": [
        "CWE-89"
    ],
    "cvelist": null,
    "sourceData": "OPEXUS FOIAXpress Public Access Link (PAL) 0",
    "sourceHref": "",
    "cvss": {
        "score": 9.3,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "FOIAXpress Public Access Link (PAL)",
    "version": "0",
    "vendor": "OPEXUS",
    "ai_description": "OPEXUS FOIAXpress Public Access Link (PAL) before version 11.13.1.0 is vulnerable to SQL injection, allowing unauthorized database access.",
    "ai_severity": "CRITICAL",
    "ai_vendor": "OPEXUS",
    "ai_product": "FOIAXpress Public Access Link (PAL)",
    "ai_version": "before 11.13.1.0",
    "ai_score": 9.3
}

💭 Join the Security Discussion ❌ Cancel Reply