CVE-2025-54833

Summary

OPEXUS FOIAXpress Public Access Link (PAL) version v11.1.0 allows attackers to bypass account-lockout and CAPTCHA protections. Unauthenticated remote attackers can more easily brute force passwords.

Affected Software

VendorProductVersion RangeStatus
OPEXUSFOIAXpress Public Access Link (PAL)11.1.0 < 11.12.3.0affected
OPEXUSFOIAXpress Public Access Link (PAL)11.12.3.0unaffected

Weaknesses

  • CWE-307: CWE-307 Improper Restriction of Excessive Authentication Attempts
  • CWE-602: CWE-602 Client-Side Enforcement of Server-Side Security

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References