PT-2025-31567 · Opexus · Opexus Foiaxpress Public Access Link
Nathan Spidle · Published 2025-07-31 · Updated 2025-09-12 · CVE-2025-54834
CVSS v4.0: 6.9 (Medium)
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
OPEXUS FOIAXpress Public Access Link (PAL) version v11.1.0
Description
OPEXUS FOIAXpress Public Access Link (PAL) version v11.1.0 allows an unauthenticated, remote attacker to query the /App/CreateRequest.aspx endpoint to check for the existence of valid usernames. The system lacks rate-limiting mechanisms.
Recommendations
Apply measures to limit the rate of requests to the /App/CreateRequest.aspx endpoint.
Implement authentication checks for access to the /App/CreateRequest.aspx endpoint.
Fix
Weakness Enumeration
Related Identifiers
Affected Products
Opexus Foiaxpress Public Access Link
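Until requests to /App/CreateRequest.aspx are rate-limited as the recommendations above advise, request bursts against that endpoint can be surfaced from web server logs. The following is an added example, not vendor or advisory code: it assumes the application sits behind IIS with W3C extended logging, and the field set, thresholds and sample log lines are constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

ENDPOINT = "/App/CreateRequest.aspx"   # path named in the advisory
WINDOW = timedelta(seconds=60)         # assumed threshold values; tune per site
MAX_HITS = 5
# Constructed sample in IIS W3C extended format (documentation IPs only).
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem c-ip sc-status
2025-08-01 10:00:00 GET /App/Home.aspx 198.51.100.7 200
""" + "".join(
    f"2025-08-01 10:00:{s:02d} POST /App/CreateRequest.aspx 203.0.113.9 200\n"
    for s in range(1, 9)
) + """\
2025-08-01 10:00:30 POST /App/CreateRequest.aspx 198.51.100.7 200
2025-08-01 10:05:00 POST /app/createrequest.aspx 198.51.100.7 200
"""

def parse_w3c(text):
    """Yield (timestamp, client_ip, uri_stem); column order comes from #Fields."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            parts = line.split()
            if len(parts) != len(fields):
                continue                      # skip truncated or malformed rows
            row = dict(zip(fields, parts))
            ts = datetime.strptime(f"{row['date']} {row['time']}", "%Y-%m-%d %H:%M:%S")
            yield ts, row["c-ip"], row["cs-uri-stem"]

def find_bursts(text, window=WINDOW, max_hits=MAX_HITS):
    """Return {client_ip: time its hits to ENDPOINT first exceeded max_hits in window}."""
    recent = defaultdict(deque)               # per-client sliding window of timestamps
    flagged = {}
    for ts, ip, stem in parse_w3c(text):      # assumes chronological log order
        if stem.lower() != ENDPOINT.lower():  # IIS matches URL paths case-insensitively
            continue
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:             # drop hits older than the window
            q.popleft()
        if len(q) > max_hits and ip not in flagged:
            flagged[ip] = ts
    return flagged

if __name__ == "__main__":
    print(find_bursts(SAMPLE_LOG))
```

The same per-client window and threshold can serve as the starting values for an enforcing rate limit once one is deployed in front of the endpoint.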