OPEXUS FOIAXpress PAL Unauthorized State List Modification (CVE-2025-54832)

Critical Vulnerability Information CVE ID: CVE-2025-54832 Release Date: 2025-07-31 Update Date: 2025-07-31 Title: OPEXUS FOIAXpress Public Access Link (PAL) State And Territory List Unauthorized Modification Description: OPEXUS FOIAXpress Public Access Link (PAL), version v11.1.0, allows an authenticated user to add entries to the list of states and territories. CWE: CWE-472: External Control of Assumed-Immutable Web Parameter CVSS: - Score: 4.3 (Medium) - Version: 3.1 - Vector String: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N - Score: 5.3 (Medium) - Version: 4.0 - Vector String: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VL:A/N/SC:N Affected Versions: - From 11.1.0 to 11.12.3.0 Unaffected Versions: - 11.12.3.0 and above Vendor: OPEXUS Product: FOIAXpress Public Access Link (PAL) Reference Links: - raw.githubusercontent.com: url - cve.org: url - docs.opexustech.com: url

Goal Reached Thanks to every supporter — we hit 100%!

OPEXUS FOIAXpress PAL Unauthorized State List Modification (CVE-2025-54832)