关键漏洞信息 CVE ID: CVE-2025-54832 发布日期: 2025-07-31 更新日期: 2025-07-31 标题: OPEXUS FOIAXpress Public Access Link (PAL) State And Territory List Unauthorized Modification 描述: OPEXUS FOIAXpress Public Access Link (PAL), version v11.1.0, allows an authenticated user to add entries to the list of states and territories. CWE: CWE-472: External Control of Assumed-Immutable Web Parameter CVSS: - Score: 4.3 (Medium) - Version: 3.1 - Vector String: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N - Score: 5.3 (Medium) - Version: 4.0 - Vector String: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VL:A/N/SC:N 受影响版本: - 从 11.1.0 到 11.12.3.0 未受影响版本: - 11.12.3.0 及以上 厂商: OPEXUS 产品: FOIAXpress Public Access Link (PAL) 参考链接: - raw.githubusercontent.com: url - cve.org: url - docs.opexustech.com: url