Key vulnerability information

CVE ID: CVE-2025-54833
Published: 2025-07-31
Updated: 2025-07-31
Title: OPEXUS FOIAXpress Public Access Link (PAL) Account-Lockout And CAPTCHA Protection Bypass

Description: OPEXUS FOIAXpress Public Access Link (PAL) version v11.1.0 allows an attacker to bypass account-lockout and CAPTCHA protections. Unauthenticated remote attackers can more easily brute-force passwords.

CWE:
- CWE-307: Improper Restriction of Excessive Authentication Attempts
- CWE-602: Client-Side Enforcement of Server-Side Security

CVSS:
- Score: 5.3, Severity: MEDIUM, Version: 3.1, Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
- Score: 6.9, Severity: MEDIUM, Version: 4.0, Vector String: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N

Affected versions: 11.1.0 up to, but not including, 11.12.3.0
Unaffected versions: 11.12.3.0 and later

References:
- raw.githubusercontent.com: url
- cve.org: url
- docs.opexustech.com: url