CVE-2025-54832
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-07-31
Last updated on: 2025-09-12
Assigner: Cybersecurity and Infrastructure Security Agency (CISA) U.S. Civilian Government
Description
Description
OPEXUS FOIAXpress Public Access Link (PAL), version v11.1.0, allows an authenticated user to add entries to the list of states and territories.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| opexus | foiaxpress_public_access_link | From 11.1.0 (inc) to 11.12.3.0 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-472 | The web application does not sufficiently verify inputs that are assumed to be immutable but are actually externally controllable, such as hidden form fields. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in OPEXUS FOIAXpress Public Access Link (PAL) version v11.1.0 allows an authenticated user to add entries to the list of states and territories, which is not intended behavior.
How can this vulnerability impact me? :
An authenticated user could manipulate the list of states and territories by adding unauthorized entries, potentially leading to data integrity issues or misuse of the system's geographic data.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70