CVE-2025-54832

Summary

OPEXUS FOIAXpress Public Access Link (PAL), version v11.1.0, allows an authenticated user to add entries to the list of states and territories.

Affected Software

VendorProductVersion RangeStatus
OPEXUSFOIAXpress Public Access Link (PAL)11.1.0 < 11.12.3.0affected
OPEXUSFOIAXpress Public Access Link (PAL)11.12.3.0unaffected

Weaknesses

  • CWE-472: CWE-472 External Control of Assumed-Immutable Web Parameter

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References